Pegasus, a powerful and invasive spyware, has been known to target high-profile individuals like politicians, journalists, and activists. However, new findings suggest that this spyware might be far more widespread than previously thought, with regular phone users also at risk.
Mobile security platform iVerify recently uncovered seven cases of Pegasus infections in a sample of 2,500 devices scanned by users. This translates to a rate of 2.5 infected devices per 1,000 scans, significantly higher than previously assumed. While many people have assumed Pegasus is mostly used on high-risk targets, these findings highlight that ordinary users could also fall victim.
What is Pegasus?
Developed by the cyber-intelligence firm NSO Group, Pegasus is spyware designed for covert surveillance of mobile phones. Its primary purpose is to monitor and collect sensitive data, such as calls, messages, photos, GPS data, and even passwords, without the phone owner’s knowledge. The spyware can be installed secretly, leaving no trace of its presence, and it is compatible with Android, iOS, BlackBerry, Windows Phone, and Symbian operating systems.
Despite its controversial nature, NSO Group claims that Pegasus is sold exclusively to government agencies for legitimate purposes, such as aiding law enforcement and fighting terrorism, money laundering, and other serious crimes. However, the tool has been deployed by both authoritarian and democratic governments to spy on journalists, political leaders, activists, and other individuals deemed high-risk.
How Pegasus Works
Pegasus is notorious for its “zero-click” infection method, which allows it to take control of a device without the owner having to click a link or open a file. The spyware can be delivered through a message or call on apps like WhatsApp, and it can self-install even if the user deletes the message or misses the call.
Once installed, Pegasus has full access to the target device. It can read SMS messages, emails, and chats, capture photos, monitor the phone’s location, and collect other personal data. In addition, it can bypass encrypted communications by intercepting data before encryption. Pegasus also employs tactics like jailbreaking iPhones and rooting Android phones, which essentially disable built-in security controls and allow attackers to modify the device at will.
The price tag for Pegasus is steep—The New York Times reported that in 2016, it cost upwards of $650,000 to install Pegasus on 10 phones, plus a $500,000 setup fee. This high cost highlights its use by powerful entities such as governments and intelligence agencies.
The Growing Threat
Until recently, the scope of Pegasus infections was largely unknown, with investigations focusing mainly on high-risk individuals. However, the release of a mobile scanning tool by iVerify in May 2024 has changed that. The tool allows anyone to scan their device for signs of Pegasus, and the results were eye-opening.
After 2,500 users scanned their devices, iVerify discovered seven infections, most of which were not recent. Some of the infections dated back to late 2023, while others stretched back to 2021 and 2022. This demonstrates how Pegasus can remain undetected for long periods, hidden from traditional security measures.
Interestingly, even though Pegasus is known for its ability to self-delete and leave no traces, forensic artefacts were found in diagnostic data, shutdown logs, and crash logs. This suggests that the spyware may not always be as invisible as it is thought to be: despite its ability to erase its presence, it occasionally fails to cover its tracks completely. Looks like there’s light at the end of the tunnel!