The recent news of Pegasus spyware attack via WhatsApp that targeted lawyers, journalists and human rights activists, offers an astonishing revelation on the kind of havoc such spyware can create. We covered the topic extensively, recently. The frequent media buzz about the recent incident of snooping by Pegasus spyware which impacted several unsuspicious mobile users has raised an alert on the security level of Android and iOS-based mobile phones!
The Pegasus spyware is not new – it was only targeting iOS users in 2016.
Developed by the Israeli firm, NSO Group, the earlier reported incidences of Pegasus spyware were specific to iOS — circa 2017, Pegasus started to attack Android mobile Operating Systems also!
The modus operandi was to penetrate mobile phones through a malicious link that provided the spyware with the ability to read text messages, track calls, collect passwords, gather data from other apps and collect geo-location of the phone. However, the spyware had been evolving for quite some time and off recently, it was found to be again infecting Android as well as other mobile operating systems.
What makes Pegasus a scary affair today?
Until the last incident, Pegasus was gaining entry into a user’s mobile, by tricking the user into clicking a link. The user still had control over whether or not to click the link & prevent Pegasus spyware from getting installed.
However, in a bold and game-changing move, Pegasus spyware has now been found to exploit a vulnerability in WhatsApp that doesn’t even require any action from the victim. All that it needs to take over the victim’s phone is just make a missed call on WhatsApp and there’s absolutely nothing the mobile user can do to control this. Sounds scary right!! It is.
So then how do you know if your mobile phone is infected by spyware?
Typically, in this case, users realized that they had been compromised by Pegasus only when WhatsApp sent them a message on its platform notifying them about the same. There are paid/free applications available on App stores (of respective operating system providers) that claim stellar detection capabilities for this insidious spyware. However, there is no clear indication of the success of their functionality.
Analysts firmly state though that, in case of something like the highly sophisticated & professional-grade spyware Pegasus, users won’t really see any suspicious behaviour which can alert them about a possible breach in their phone.
That’s where the real danger lies and in turn, highlights the importance of integrating a robust antivirus software for mobile devices.
Pegasus is not the lone attacker!
The NSO Group had stated explicitly that it only provides Pegasus to authorized Government agencies indicating the high cost required to procure this software. It was no surprise then that Pegasus was only involved in attacking high-profile targets.
Interestingly, Pegasus is only one of the few spyware that has gained popularity in the recent past and has been considered to be one of the best spyware in the history of cybersecurity. The search engines, however, list out a plethora of other free/cheap spyware that are easily available and can be used to target innocent victims.
Hence, there are reports of several surveillance attacks that are not just targeting high – profile elite class or social activists, but instead, these highly abundant spyware are being directed towards any mobile user.
This goes on to explain that it wouldn’t be long before cyber actors start manipulating other spyware to plan targeted attacks at scale on businesses as well as individual iPhone and Android mobile users.
A very recent example of a high – severity Pegasus-like spyware was detected by Facebook who announced it to the world. The social media giant stated that the attack could target WhatsApp with MP4 files. This new type of WhatsApp vulnerability identified as a “stack-based buffer overflow vulnerability” could allow the remote attacker to target WhatsApp users by sending a specially crafted video file in MP4 format.
Identified as CVE-2019-11931, it can allow a remote attacker to force “Remote Code Execution (RCE) and Denial of Services (DoS)”, to compromise a mobile phone running on iOS, Android or Windows.
The threat is real
As users move towards using lean mobility over laptops and computers, cybercriminals are quick to shift their attention towards mobile devices. Mobile dependency in today’s world is at its maximum. We are living out of our mobile phones – be it professionally or personally. It is for this reason that mobile devices today have become a storehouse for vast amounts of our personal & professional data. The sad part, however, is that users often regard security as an afterthought when it comes to mobile devices as against their home or office computers. This is a recipe of disaster as hackers are figuring out novel ways to attack mobile devices.
Pegasus is still an extreme case scenario – malware penetration is at its peak from multiple channels such as social media engineering, malicious applications, zero-day vulnerabilities, etc. The significant penetration of mobile devices has made billions of unsuspicious mobile users across the world soft-targets to cyberattackers.
The bottom line is that spyware or for that matter malware has the ability to attack any unsuspicious mobile phone user and not just specific and high-profile targets.
In fact, you could be next!
This has generated an urgent need for increased awareness about the importance of securing every mobile device, be it for consumers or businesses.
Quick Heal acts swiftly
Our previous blog stated that Quick Heal Total Security for Mobile successfully detects Pegasus Spyware through different detections named as Android.Pegasus.A, Android.Chrysaor.A, and AndroidELF.Pegasus.A. We are proud to announce that off all the Pegasus attacks that happened in the Indian sub-continent, Quick Heal was responsible to successfully detect and block three of them.
However, getting back to the crux of the discussion, how do business or personal mobile users ensure that they are not victims of the next spyware assault?
The key is to leverage the capabilities of a robust antivirus like Quick Heal Total Security for Android and Seqrite’s AI-powered mobile security solutions, to safeguard against the known, advanced and emerging cyber threats.