The Pegasus spyware has made headlines both in the tech and political worlds since 2016. It is spyware designed to exploit data (calls, records, texts, photos, and location) from smartphones.

The Pegasus spyware has been used to spy on many prominent politicians, journalists, and human rights activists. Many have considered this spyware a threat to human privacy due to its increased use. 

This article aims to provide crucial information about Pegasus spyware to everyone using a smartphone so they can be aware of their privacy and safety and stay safe from its unethical use.

What is Pegasus Spyware?

As the name suggests, Pegasus spyware is an application used for spying on individuals through digital devices, primarily smartphones. Pegasus is capable of infiltrating both the iOS and Android operating systems.

The Pegasus spyware was originally named after the mythical winged horse from Greek mythology, the Pegasus. This name was given to the spyware by its creators, the Israeli cybersecurity firm NSO Group. The choice of the name suggests the spyware’s capability to silently and swiftly infiltrate and surveil its targets, much like the legendary Pegasus flying through the air.

Pegasus is considered to be one of the most sophisticated smartphone spyware program that has ever been created, gaining attention for its sophisticated and powerful capabilities. It can infect mobile phones with ease, extracting sensitive information like browsing history, reading text messages, tracking calls, and the device's location. But before we go into the details, let’s take a quick look at the history of Pegasus spyware.

The beginning

The Pegasus spyware was developed by the Israeli tech start-up NSO Group in 2010. According to various sources, Pegasus saw its first use in 2011. The Mexican government used the spyware to detect and track Mexican drug lord Joaquin Guzaman’s location.

However, Pegasus didn’t gain public attention until 2016. It got massive media coverage after a failed installation attempt on a human rights activist’s iPhone from the UAE. Later on, it was also found that the governments of the Arab nations and India utilized the Pegasus to steal data from prominent journalists, human rights activists, and politicians of the opposing parties.

And that’s not all; there have also been reports circulating that the Indian government attempted to spy on Imran Khan, the Pakistani Prime Minister, using Pegasus spyware.

Despite the allegations, the NSO Group has stated several times that they have only developed the Pegasus software for governments to detect criminals and extremists. However, governments in several countries use it to spy on journalists and political opposition, which violates human rights.

How Does it Work?

As mentioned before, Pegasus can infiltrate both iOS and Android devices. Instead of being a specific exploit, Pegasus is a collection of exploits that take advantage of multiple vulnerabilities in a system. Some of the common infection vectors include clicking links, the Photos app, the Apple Music app, iMessage, etc. In some cases, Pegasus uses zero-click, meaning it can run without any interaction from the user.

Once installed, Pegasus can run arbitrary code and extract contact data, call logs, text messages, photos, web browsing history, device settings, and data from apps like iMessage, Gmail, Facebook, WhatsApp, Telegram, Skype, Viber, etc.

Pegasus is also able to bypass end-to-end encryption used by communication applications, intercepting communications between the victim and other parties.

Pegasus also uses “Command & Control” technology, popularly known as C&C, to exploit targeted smartphones. It uses 4 C&C infrastructures with 500 unique domain names for each and at least 3 sub-domains for each exploitation attempt, making it impossible for typical virus scanners to detect its presence.

Another thing that makes Pegasus untraceable is its ability to self-destruct. If it is unable to communicate with its command-and-control server for more than 60 days or finds itself on the wrong device, it self-destructs to eliminate any and all evidence. The attacker can also send a command for the Pegasus to self-destruct. If the Pegasus is unable to infect a device by conventional means, attackers can install it by setting up a wireless transceiver near the target device or just installing it manually.

How does it infect your phone?

Earlier versions of the Pegasus spyware relied on spear-phishing attacks, requiring the target to click a malicious link in a text message or email. The later version (August 2016) of Pegasus had 1-click capabilities for all phones except for old Blackberry models, which were vulnerable to 0-click attacks.

Later on, it utilized a WhatsApp vulnerability to launch zero-click attacks, installing the spyware by calling the target phone, whether the victim answered the call or not.

As for iPhones, Pegasus has been relying on iMessage vulnerabilities to deploy the spyware. By 2020, Pegasus became capable of zero-click exploits and network-based attacks, allowing its clients to break into target phones without requiring any user interaction and without leaving any traces.

Is your device vulnerable to Pegasus Spyware?

Initially, Pegasus targeted iPhones through Apple’s default messaging application, iMessage. In 2017, Google confirmed that Android devices are also vulnerable to Pegasus spyware.

In 2020, Apple updated their security system in iOS 14 to protect their devices from Pegasus spyware. However, since Pegasus is improving its capabilities every day, it doesn’t matter which version or operating system you’re using; Pegasus spyware can infect your device at any given moment.

How does the Pegasus steal data?

Once installed, Pegasus hijacks elevated privileges that allow unrestricted device access and the remote extraction of sensitive phone content. From message history and passwords to photos and contact lists, very little is left private under its attack.

It can even switch on cameras and microphones at will for room surveillance. And location tagging offers spies real-time physical tracking capabilities as well. Data access is instant and two-way: private files get exfiltrated while new instructions and updated code get remotely deployed onto hacked devices.

Pegasus does all this while hiding its presence using stealthy behaviors similar to those of other spyware. It avoids suspicious power or data patterns that might trigger user caution. The spyware hides itself in rarely-used folders, disguising itself as harmless system files or processes

And while phones appear normal to owners, their lives unravel in intimate detail to distant monitors—often without warrants or other lawful oversight—making it one of the most intrusive legal concerns today for today's connected.

Privacy, Security, and Ethical Concerns

Privacy is a universal human right. Everyone deserves to keep their private information, like their call history, browsing history, and private details of their daily lives out of government surveillance. In that regard, using spyware like Pegasus clearly breaches the privacy rights of an individual and is considered unethical by most people.

Moreover, authoritarian governments are using this technology to suppress their political opposition, making it a threat to democracy. Its use government officials also makes it a threat to the national security of many nations.

So the question is, should the Pegasus be stopped?

To answer this question, we must consider the other side of the story too. Pegasus was originally created as a tool against terrorists, extremists, and drug lords. And like any other tools, as long as governments and other authorities ensure proper use of this technology, using it against criminals to restore peace instead of innocent people or political rivals, we can expect some positive results from it.

Who are in Pegasus’s Crosshairs?

Pegasus spyware is not only controversial but also expensive. Governments around the world are spending tens of millions of dollars to have it installed on their targets’ devices. It’s not widely available to the public, and NSO Group ensures that it doesn’t infect random devices.

So, if you are not someone with a high profile, or have clashed with any governments, chances are you are not a target of the Pegasus spyware. So far the typical targets of the Pegasus include the Prime Minister of Pakistan, the President of France, high-profile businesspeople, influential journalists, and human rights activists around the world.

What are the Symptoms of a Pegasus Infection?

Pegasus spyware is designed in a way that makes it nearly impossible for the victims to identify whether their phones have been infected or not. Also, Pegasus is extremely sophisticated, leaving no clue to identify an infiltration.

Amnesty International, one of the organizations that helped to bring the Pegasus to public attention, has released a Mobile Verification Toolkit that can detect indicators or compromises that come with a Pegasus infection.

Also, some tech experts suggest checking your phone’s charge levels to see if it shows any signs of abnormality, like draining faster than usual indicating a malware infection in your phone.

Apart from that, Pegasus is also detectable via professional digital forensics. Recently (16th January 2024) Kaspersky Labs announced a new method of detecting Pegasus in iOS devices by inspecting the shutdown.log file.

This file holds records of reboot events, as well as indicators of compromise. Kaspersky also developed a tool to extract, analyze, and parse the shutdown.log file to make the process of locating files with malicious signatures easier. However, this method is only effective if the device is infected by Pegasus and rebooted on the same day.

How to Protect Your Phones from Pegasus Attacks

Since Pegasus spyware uses Zero-Click Installation technology, protecting your device from its attack is next to impossible. However, you can take some precautions to protect yourself from the Pegasus:

• Only open links from trusted sources
• Avoid downloading apps from unofficial sources (only download apps from the Apple Store or Google Play)
• Always remember to update your phone with the latest version of your operating system.
• Avoid using public Wi-Fi. Use a reputable VPN if you have to use public Wi-Fi.
• Keep your downloaded apps updated at all times.

What to Do If You are Already Infected

If you suspect that your phone has been infected, turn it off immediately. As Pegasus operates using the affected device’s hardware, turning off your phone will temporarily interrupt its operations.

You can use a different device to inform law enforcement agencies to report the incident and consult trusted IT experts to identify and recover from your damage.

If you are in the USA, contact the FBI cybercrime unit. Contact Us — FBI

If you are in the UK, contact the NCA Cybercrime Unit Cyber Crime - National Crime Agency

If you are in the EU, contact the Europol cybercrime unit. Report Cybercrime online | Europol (Europa. eu)

If you are in Australia: Contact AFP Cybercrime | Australian Federal Police (afp.gov.au)

If you are in Canada, contact CCCS. Report a cyber incident - Canadian Centre for Cyber Security.

However, if you find government services too lengthy and time-consuming, you can contact cybersecurity organizations like TechForing for a quicker and smoother solution. At TechForing, we are on a mission to ensure complete online security for individuals and organizations. Our certified cybersecurity experts and cybercrime investigators specialize in Digital Forensics, as well as other cybersecurity operations to protect and rescue you from cybercriminals.

Book a free consultation to get expert help today!

Request a Call Back