• One of Amnesty International’s researchers and Saudi dissidents living abroad received suspicious WhatsApp and SMS messages designed to infect devices with the Pegasus malware.
• The spyware allows its operators in the vicinity of the targeted device to record video and calls, monitor movements, harvest messages and more.

An employee of the human rights charity Amnesty International, as well as Saudi activists and dissidents living abroad, received suspicious SMS and WhatsApp messages that contained malicious links distributing a mobile spyware called Pegasus. The malware can target iOS, Android and other mobile devices.

Security researchers at Citizen Lab, who have been investigating Pegasus' malicious infrastructure since 2016, discovered that the messages were connected to over 600 malicious domains, which overlapped with the Pegasus malware’s malicious infrastructure.

A brief history of Pegasus

Pegasus is a powerful spyware created by the Israel-based surveillance products manufacturer NSO Group. The malware has been used to spy on around 175 individuals across the globe. Pegasus has been around since at least 2012.

The mobile spyware was also used by former Panama president Ricardo Martinelli to spy on around 150 people, including political opponents, journalists, business rivals and even his mistress, between 2012 and 2014. Since then, Pegasus has been used to target journalists and dissidents in Mexico, the UAE and Saudi Arabia.

Pegasus’ capabilities

Pegasus comes packed with various spying features. The malware can use a targeted device’s webcam to record video, record audio using the device’s microphone, monitor the device’s location and movement, harvest messages from chat apps and more.

Amnesty International said that the malicious SMS messages sent to the charity’s employee and the other Saudi dissidents contained links to domains that were identified as being part of the NSO Group’s and/or its clients’ malicious infrastructure used to distribute exploits and malware created to surreptitiously steal data from victims.

“This malware would allow an attacker complete access to the target’s phone or computer, essentially turning the device into a sophisticated eavesdropping and tracking tool to be used against them,” Amnesty International said in a statement.

The recent malware campaign indicates how the NSO Group’s products are increasingly being used to target journalists, activists and dissidents across the globe. In most cases, the NSO Group’s clients appear to be authoritarian governments, which, in turn, provides a peek into how such regimes go about silencing criticism and consolidating their hold on power.

“This story is about more than just the spread of surveillance technologies, it is also about the unabashed use of them by governments to silence human rights,” Danna Ingleton, research and policy advisor at Amnesty International, told Motherboard. “It shows that there is a serious lack of accountability for these violations that must come to a stop. It’s the wild west.”

Cyware Publisher