NSO Group impersonated Facebook to distribute the Pegasus spyware


Israeli surveillance equipment maker NSO Group allegedly impersonated Facebook in an attempt to install its phone-hacking software on devices in the United States.

An investigation carried out by Motherboard has revealed that NSO Group created a web domain that looked like it belonged to Facebook’s security team. Using the malicious domain, the firm tried to lure Internet users into installing the company’s powerful cell phone hacking technology, Pegasus. Motherboard also claimed to have evidence that servers inside the United States were used to spread Pegasus to a large number of devices.

Pegasus is a well-known piece of spyware created by the NSO Group and features a number of surveillance capabilities that include capturing screenshots, keylogging, live audio capture, browser history exfiltration, email exfiltration from Android’s Native Email client, and exfiltration of contacts and text messages from devices.

According to security researchers, Pegasus is also capable of exfiltrating messaging data from commonly used applications such as WhatsApp, Skype, Facebook, Twitter, Viber, and Kakao. It can self-destruct if an antidote file exists on an infected device or if it has not been able to check in with the servers after 60 days of infiltration.

The Israeli surveillance firm is currently fighting a lawsuit filed by Facebook, which alleged that the firm “used WhatsApp servers, located in the United States and elsewhere, to send malware to approximately 1,400 mobile phones and devices” and that the firm developed its malware “in order to access messages and other communications after they were decrypted on Target Devices”.

NSO has, however, denied the allegations brought against it and has labelled them “recycled conjecture”. The firm has, in fact, asked the court in California to dismiss the case on the grounds that it never uses its spyware itself and only sells it to law enforcement and intelligence agencies worldwide.

The lawsuit was filed after Facebook discovered that a critical vulnerability in the WhatsApp messaging service was being exploited by NSO Group to inject surveillance malware into users’ devices. The company soon rolled out a security update, stating that “an advanced cyber actor” had already exploited the vulnerability to carry out surveillance of targeted entities.

According to Facebook, between April and May last year, NSO Group formatted call initiation messages containing malicious code to appear like a legitimate call and concealed the code within call settings to avoid the technical restrictions built into WhatsApp Signalling Servers.

Using this method, NSO Group transmitted malicious code to approximately 1,400 target devices between April 29 and May 10. These devices were owned by attorneys, journalists, human rights activists, political dissidents, diplomats, and other senior foreign government officials.

Copyright Lyonsdown Limited 2021
