3 min read

Protect Yourself from Pegasus - the Most Advanced Mobile Spyware in the World

Silviu STAHIE

July 27, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Protect Yourself from Pegasus - the Most Advanced Mobile Spyware in the World

There can be a fine line between malware and dubious applications, but NSO's spyware Pegasus is so far past that line that you can't even see it anymore.

We often hear of strains of distributed malware in third-party app stores, and sometimes they even make it past the gates and find them coming from official sources. What separates Pegasus from the rest is that it's likely the most advanced spyware ever identified in the wild. The reason is simple; it exploits zero-day vulnerabilities in popular applications such as WhatsApp, iMessage and FaceTime to infect smartphones.

The NSO Group has been around for half a decade and specializes in selling government-grade spyware to a select pool of customers such as governments and law enforcement agencies. They've always asserted that law agencies and other institutions use their software for legitimate reasons. However, it's challenging to find corroborating evidence since such agencies won't admit to buying or using spyware.

It turns out that people can protect their iOS and Android devices from Pegasus if they only take one extra step.

Imagine a world without privacy

Spyware is a category of malware that grants third parties access to private information, including photos, files messages and call records from apps that are supposedly safe from such interference. The applications targeted by Pegasus are some of the most secure communication apps in existence: WhatsApp, Facebook, Twitter, Skype and Gmail.

Operators wielding this spyware would also be able to take screenshots, exfiltrate photos and directly access the phone's camera and microphone. Since our smartphones are constantly at attention, attacks would have a 24/7 window into a target’s life.

The process of compromising a device begins with the exploitation of the software to circumvent the built-in safety features. Once the device has been “rooted” or “jailbroken”, an application can have unrestricted access to stored data and other apps running on the phone. However, the compromised mobile phone remains open to all types of attacks even after the government-sanctioned data collection program has finished.

Fortunately, there is still hope for people who use security solutions and take the precautions they need to guard their digital lives.

No one is safe from attack, but everyone can be protected

It is possible to protect our digital life by taking several common-sense measures that dramatically limit the success rate of a potential Pegasus attack:

  • Install applications from legitimate sources only. Avoid installing apps sent as links over messaging platforms, as they may be compromised.
  • Always install OS updates and security patches as soon as they become available. If you are planning to leave the country for a vacation or business trip, make sure that your device is fully patched before you leave your home. Most mobile phones don’t download bulky updates via 4G, particularly when roaming on a foreign network.
  • Set a pin- or pattern-based lock screen to prevent unauthorized physical access to your device.
  • Regularly check which apps have device administrator privileges on your device and revisit your security choices if needed.

It's easy to think we're all set if we have all these boxes checked. But attackers have been known to deploy zero-day vulnerabilities, which means they've managed to compromise fully patched and up-to-date devices.

This is also why you need a security solution to automate security decisions. Bitdefender Mobile Security app on iOS or Bitdefender Mobile Security for Android first identified the Pegasus spyware back in 2017 and, over the years, we have constantly improved detection to keep up with this ever-improving spyware framework.

While mobile platforms give the impression of heightened security, Pegasus is a stark reminder that, as long as your device connects to the internet, it will never be safe as-is. The need for security solutions is now more evident than ever.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Data Breach: 1.3 Million Broward Health Patients and Staff at Risk of Medical Identity Theft Data Breach: 1.3 Million Broward Health Patients and Staff at Risk of Medical Identity Theft
Alina BÎZGĂ

January 04, 2022

2 min read
Data Breach at Pro Wrestling Tees Affects 31,000 Customers Data Breach at Pro Wrestling Tees Affects 31,000 Customers
Alina BÎZGĂ

December 29, 2021

1 min read
Hackers steal credit cards from 1.8 million sports gear site customers Hackers steal credit cards from 1.8 million sports gear site customers
Radu CRAHMALIUC

December 21, 2021

1 min read