Spyware is a kind of malware (a malicious program) that secretly gathers information about a person or organization and relays this data to other parties. Till date, Pegasus is considered a very powerful spyware as it can penetrate cell phones without user interaction or even via a miss call.
Pegasus spyware is developed by NSO Group, Israel. The organisation NSO is named after its three founder Niv Carmi(N), Shalev Hulio(S) and Omri Lavie(O). Till date, it’s not known how Pegasus infiltrate inside a user’s mobile but it is believed that group of techies are working together as a team to perform different surveillance and phishing related work. Till now it’s not clear whether illegal channels like dark web are used by NSO Group or not.
Furthermore, founders of NSO Group says that main aim behind creating such softwares are to serve humanity and its designed exclusively for law enforcement and government intelligence agencies to fight crime and terrorism.
Unexpectedly, quite the opposite, it was observed that NSO has done human rights violation by installing Pegasus to track huge number of popular Journalist, politicians and even head of states of different countries.
Amnesty international and Forbidden stories did couple of investigation and confirmed that NSO group has violated Human rights as they have found approximately fifty thousand phone numbers under Pegasus’s surveillance list.
There’s no trace which can state that old or less popular Operating Systems like Bada, Symbian, Blackberry and Microsoft mobile are impacted by Pegasus till date.
However, researchers have confirmed that iOS and Android users are vulnerable to Pegasus Spyware.
Pegasus is not available on Google Playstore or Apple’s App Store. Pegasus is very costly and as per news published by The New York Times, NSO Group charges $650,000 to infiltrate 10 devices (Android or iOS) and additional $500,000 as an installation fee.
User awareness is the shield against not only spyware like Pegasus but many other serious threats like ransomwares, viruses, trojans, phishing, social engineering, clickbait, eavesdropping, bluejacking, blusesnarfing and many more.
These are the few of cyber security best practices that will protect from Pegasus infiltration:
– Educate yourself about phishing and social engineering. Never click any suspicious link coming from untrusted sources.
– While installing new app, avoid giving unnecessary permissions. For example, giving GPS access is ok for a weather app but there’s no need to give access to cell phone’s camera, sms or call feature to such app. Be vigilant and deny such permissions.
– Avoid using free and public Wi-Fi. Hackers may use the same wifi and may sniff your data.
– Update your softwares to latest and stable version.
– Never use rooted device. Rooted Phones are more vulnerable to malware and hacking.
– Install antivirus to track unusual behaviours like suspicious app consuming excess battery, memory and data.
– Never share username, password, OTP, credit card number and CVV to anyone in any format (sms, email, photo, phone etc).
– Make a habit of changing your password frequently.
– Encrypt email and other sensitive data
– Use Virtual private Network
– if dealing in very sensitive data/information, change your phone and numbers frequently or don’t use the same number or phone all the time for transmitting such data!
– By Suman Tiwari
(Subject Matter Expert – Cyber Security)