Pegasus spyware: Know how it works.

Pegasus spyware

Pegasus spyware is once again making headlines. A news report by The Washington Post and 16 other media houses has revealed that Pegasus has been used to spy on journalists, human rights activists, and business executives across the world.

Let us know what Pegasus spyware is, how it is used by whom.

Pegasus spyware is created by Israel-based surveillance technology company NSO Group, also known as Q Cyber Technologies. Pegasus is not random spyware that you find online. The company NSO Group was established in 2009 in Israel as a specialized surveillance technology solution. Pegasus is its famous spy product. Other than Pegasus, the company offers many other products too.

Who can buy Pegasus spyware

NSO Group claims to work only with authorized Govt. Pegasus is known to be publicly used by the governments of Mexico and Panama. It has 60 customers in 40 countries. The company said that 51% of its users belong to intelligence agencies, 38% to law enforcement agencies, and 11% to the military. According to the company’s website, “NSO Group develops best-in-class technology to help government agencies detect and prevent a wide range of local and global threats. Help law-enforcement agencies use technology to address the challenges of encryption to prevent and investigate terror and crime.”

What can Pegasus steal?

With the Pegasus tool, the attacker can get information about SMS records, contact details, call history, calendar records, instant messaging, and browsing history. According to the product’s brochure, Pegasus can also spy on WhatsApp, Viber, Skype, and BlackBerry messenger. Pegasus can take photos, record audio, take screenshots without informing the user. Pegasus spyware works on devices running on Android, iOS, Windows Phone, Blackberry, Symbian, etc.

The Installation Pegasus spyware

The challenge is to remotely and covertly install the Pegasus tool on a phone to spy on a victim. Pegasus can be installed even if the victim’s phone number is not known; if the attacker does not have the victim’s phone number or email ID, Pegasus agents can then obtain the number using a tactical network element such as a base transceiver station (BTS) after which it can be injected silently. If it is not connected to the command and control server for 60 days or it thinks it has been installed on the wrong device, then it destroys itself.

Did You like the post? Share it now: