Not everyone understands what happened when WhatsApp was hacked by Israeli spyware. The chats themselves were not broken into; rather, malicious code entered the cellphone via WhatsApp. WhatsApp, supported by its parent Facebook, took the NSO Group to court. The Israeli company is accused of being responsible for putting spy software, or spyware, called Pegasus onto WhatsApp users’ cellphones.
The Pegasus attack is thought to have taken place in May 2019 against 1,400 WhatsApp users worldwide, exploiting security holes in WhatsApp video calls. At least 100 victims were political and human rights activists, journalists or government officials. Many netizens think that WhatsApp conversations were what was broken into. No, that’s not what was targeted. The Times of India, reporting on a document about Pegasus, says the spyware does not break into WhatsApp conversations. Instead, once it has entered the victim’s cellphone, it takes all of the phone’s data: photos, e-mails, contact numbers, locations, archives, browsing history, audio recordings and camera. Only the target’s phone number is needed to install the Pegasus spyware. It can also activate the microphone and camera on the target’s cellphone to gather data, as revealed by the document about Pegasus.
Will Cathcart, Head of WhatsApp, said the target was important data on the victim’s cellphone. WhatsApp was broken into to serve as an entry point for malicious code to reach the victim’s cellphone. After the phone rings, the attacker secretly transmits malicious code in an attempt to infect the victim’s cellphone with spyware that reads messages and other information. The targeted party doesn’t even need to take the call. Pegasus only needs the victim’s mobile number to send the malicious code. Not only that, Pegasus can infiltrate without a trace, with minimal battery consumption so as not to arouse suspicion. Pegasus leaves no traces, its battery consumption, memory and data usage are minimal, and it has a self-delete option that can be used at any time.
The problem is that one of the victims, a Rwandan political activist named Faustin Rukundo, said that the Pegasus spyware entered via a WhatsApp call, not a WhatsApp video call. WhatsApp has given no further explanation of whether Pegasus also attacks via WhatsApp calls. Alfons Tanujaya, a cyber security expert, recently told detikINET in response to the attack that the general public should not panic immediately. The main targets are certain figures, not ordinary citizens. The target is not a layman. Attacking ordinary people would not recoup the cost. The tools are very expensive and available only to a limited circle.
Pegasus malware is spyware that can hack any iOS or Android device and steal a variety of data from the infected devices, including text messages, emails, key logs, audio and information from installed applications, such as Facebook or Instagram. The spyware can record conversations and videos as well as snap pictures from the device’s camera. The malware was created by NSO Group, an Israeli cybersecurity firm founded in 2010, and has been around since at least the summer of 2016. Threat actors can use Pegasus to stealthily gather information from high-value targets, including executives with strategic corporate information and government officials who have access to national or international secrets.
A Pegasus attack starts with a simple phishing scheme: the attacker identifies a target then sends that target a website URL via email, social media, text message or any other message.
In the case of iOS devices, once the user clicks on the link, the malware secretly carries out a trio of zero-day exploits against the victim’s device, jailbreaking it remotely so the spyware can be installed. The only indication that something has occurred is that the browser closes after the user clicks the link. There’s no other indication that anything has happened or that any new processes are running.
Once Pegasus is installed, it begins contacting the operator’s command and control servers to receive and execute the operator’s commands. The spyware contains malicious code, processes and apps that spy on what the user does on the device, collect data and report back what the user does. The malware can access and exfiltrate calls, emails, messages, and logs from applications including Facebook, Gmail, WhatsApp, Tango, Viber and Skype. Once the spyware jailbreaks the user’s device, it compromises the original apps already installed on the device to capture data, rather than downloading malicious versions of these apps.
Pegasus for Android doesn’t require zero-day vulnerabilities to root the target device and install the malware. Rather, the malware uses a well-known rooting technique called Framaroot. With Pegasus for iOS, if the zero-day attack execution failed to jailbreak the device, the overall attack sequence failed. However, the hackers built functionality into the Android version that enables Pegasus to still ask for permissions so it can access and exfiltrate data if the initial attempt to root the device is unsuccessful.
NSO Group has said it sells its surveillance software to governments to help them fight terrorism and serious crime. Its spyware, including Pegasus, has been licensed to dozens of countries, including Mexico, Bahrain, Saudi Arabia and the UAE. Governments worldwide have used Pegasus to target activists, including an Amnesty International employee; Saudi activists; Mansoor; at least 24 human rights defenders, journalists and parliamentarians in Mexico; and, allegedly, murdered Saudi journalist Jamal Khashoggi, according to a lawsuit filed in 2019 by Amnesty International and other groups demanding that the Israeli Ministry of Defense revoke the export license of NSO Group.
In the lawsuit, Pegasus is said to have the ability to spy at three levels: data extraction, passive monitoring and active data collection, as quoted by the Times of India. Pegasus was designed, in part, to intercept communications sent and received from devices, including communication via iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp, and others. This means that Pegasus infects not only WhatsApp but also various other popular messaging applications.
“Pegasus leaves no traces, battery consumption, memory and data usage is minimal, and has the option to delete itself that can be used at any time,” WhatsApp added.
Source: https://www.lookout.com/trident-pegasus-enterprise-discovery ; https://inet.detik.com/security/d-4770452/begini-cara-spyware-israel-membobol-whatsapp/2/#news ; https://economictimes.indiatimes.com/tech/internet/pegasus-spyware-can-target-up-to-50-phones-at-once/articleshow/71860858.cms