Hello, welcome to QuesAns. This article explains government-sponsored cyber-surveillance malware that is in the news right now.

Yes, we are talking about a piece of malware called Pegasus, which allows governments around the world to spy on people by turning their smartphones into fully fledged surveillance devices that can record audio, record video, take photos and look at the photos already in the gallery. They can look at messages, read OTPs, get the device location, and much more.


Now, let’s look at what Pegasus is and how it works.

How does Pegasus infect phones, and what can you do to protect yourself? Pegasus is probably the most sophisticated piece of malware that we know about. It is made by a company called the NSO Group, and they only sell this malware to governments.

It is meant to be used in the fight against terrorism, but an exposé in the Guardian newspaper has found leaked information showing that some of the governments using Pegasus are targeting not just terrorists but also people of interest who may or may not align with their political plans.

What I want to look at, though, is how Pegasus works and what it does.

The earliest versions of Pegasus have been seen since 2016, so we knew about its existence. However, it is becoming more and more powerful and capable, and at its fully fledged capabilities it can turn basically any smartphone, Android or iOS, into a full surveillance device. That means it can look at messages, record phone calls, record audio through the microphone, record video, take photos, look at the photos already on the device, and even access location data.

This kind of technology does not come cheap. If you are a government and want to license Pegasus, you need to pay millions of dollars, not hundreds of thousands, to get your hands on this tech.

All software has bugs, it’s a fact, and the more complex the software is, the more bugs there are. In fact, there are metrics that measure the number of bugs against the size of a project. Most bugs are just an inconvenience; however, there is one category of bugs that is very serious: security-related bugs. Security-related bugs exist everywhere. They exist in Android, in iOS, in Windows, in Linux and in macOS.

They exist in applications themselves, in network services, and in the servers that run all the services we use.

They are serious because once the security is breached, the attacker has unauthorized access, and Pegasus is all about gaining unauthorized access to things its operators shouldn’t have access to.

A lot of companies treat these security bugs very seriously. For example, Google has a vulnerability reward program: if you find a problem in Android, Chrome or the Play Store and demonstrate that the bug lets you bypass some kind of security mechanism, they will pay you for your time. There are professional researchers who spend their time trying to break into Chrome, Android, iOS, Amazon’s web services and Windows, and companies like Google, Microsoft and Amazon pay them for what they find.

In fact, in 2020 Google paid out 6.7 million dollars to people who had found security errors in Android and Chrome.

But there are some security researchers, like those at NSO, who do the research, find the bug and then don’t tell Google, Apple or Microsoft; they keep it for themselves.

In fact, the NSO Group has also been known to buy such bugs from people, paying more than Google or any other company would pay, and then keep the bug for itself.

The malware is installed on a targeted person’s mobile phone by sending them a message containing a link via WhatsApp, SMS or email that looks like it comes from a legitimate source. When the user clicks or opens that link, the malware is installed on the phone, and the user remains unaware that anything has been installed.


How to stay safe from Pegasus malware?

  • Only open links from known and trusted contacts and sources while using your device. Pegasus is deployed to Apple devices via an iMessage link. This is the same technique used by many cybercriminals for both malware distribution and less technical scams. The same advice applies to links sent via email or other messaging applications.
  • Make sure your device is updated with any relevant patches and upgrades. While a standardized version of an operating system forms a stable base for attackers to target, it is still your best defense.
  • If you use Android, don’t rely on notifications for new versions of the operating system. Check for the latest version yourself, as your device’s manufacturer may not be providing the update.
  • Although it may seem obvious, you should limit physical access to your phone. Do this by enabling PIN, fingerprint or face locking on the device. Configure your device securely.
  • Avoid public and free WiFi services (including hotels), especially when accessing sensitive information. Using a VPN is a great solution when you need to access such networks.
  • Encrypt your device data and enable remote-wipe features where available. If your device is lost or stolen, you will have some assurance that your data can remain safe.

We hope you liked this article. Share it with your friends and relatives, and help them stay safe from this kind of malware attack.

