- The NSO Group - the creator of Pegasus spyware - has been advertising the Pegasus spyware with new capabilities.
- The malware has now been enhanced to copy authentication keys and access cloud services like Google Drive or iCloud.
New details regarding the Pegasus spyware made by the Israel-based NSO Group have emerged recently. It has been found the malware is capable of scraping a target’s data from the servers of Apple, Google, Amazon, Facebook, and Microsoft.
What’s the matter?
According to a report from Financial Times, the NSO Group - the creator of Pegasus spyware - has been advertising the Pegasus spyware with new capabilities. The malware has now been enhanced to copy authentication keys and access cloud services like Google Drive or Apple's iCloud. It can now also access messaging services like Facebook Messenger.
How does the infection process begin?
Once the malware is installed on a victim’s phone, the infection can spread to the user’s cloud accounts and download their entire online history. The malware does this by copying the login credentials of various services like Facebook Messenger, Google Drive, Apple's iCloud, and others. It later uses a separate server to mimic the phone including its location.
The malicious server syncs all the information including messages, photos and location history from the connected victim’s device and relays them back to the surveillance operators.
Given the wide range of capabilities, the Financial Times said, “It works on any device that Pegasus can infect, including many of the latest iPhones and Android smartphones, according to the documents, and allows ongoing access to data uploaded to the cloud from laptops, tablets, and phones—even if Pegasus is removed from the initially targeted smartphone.”
How did the companies respond?
Amazon refuted the claims and said there was no evidence its server has been breached. Google, too has made a similar remark, Gizmodo reported.
Meanwhile, Facebook and Microsoft are reviewing the claims. Apple has noted that while “expensive tools may exist to perform targeted attacks,” it does “not believe these are useful for widespread attacks against consumers.”
However, NSO Group, on its part, has clarified that it does not have any intention to collect data from any cloud applications, services or infrastructures.