3 min read

Protect Yourself from Pegasus - the Most Advanced Mobile Spyware in the World

Silviu STAHIE

July 27, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Protect Yourself from Pegasus - the Most Advanced Mobile Spyware in the World

There can be a fine line between malware and dubious applications, but NSO's spyware Pegasus is so far past that line that you can't even see it anymore.

We often hear of strains of distributed malware in third-party app stores, and sometimes they even make it past the gates and find them coming from official sources. What separates Pegasus from the rest is that it's likely the most advanced spyware ever identified in the wild. The reason is simple; it exploits zero-day vulnerabilities in popular applications such as WhatsApp, iMessage and FaceTime to infect smartphones.

The NSO Group has been around for half a decade and specializes in selling government-grade spyware to a select pool of customers such as governments and law enforcement agencies. They've always asserted that law agencies and other institutions use their software for legitimate reasons. However, it's challenging to find corroborating evidence since such agencies won't admit to buying or using spyware.

It turns out that people can protect their iOS and Android devices from Pegasus if they only take one extra step.

Imagine a world without privacy

Spyware is a category of malware that grants third parties access to private information, including photos, files messages and call records from apps that are supposedly safe from such interference. The applications targeted by Pegasus are some of the most secure communication apps in existence: WhatsApp, Facebook, Twitter, Skype and Gmail.

Operators wielding this spyware would also be able to take screenshots, exfiltrate photos and directly access the phone's camera and microphone. Since our smartphones are constantly at attention, attacks would have a 24/7 window into a target’s life.

The process of compromising a device begins with the exploitation of the software to circumvent the built-in safety features. Once the device has been “rooted” or “jailbroken”, an application can have unrestricted access to stored data and other apps running on the phone. However, the compromised mobile phone remains open to all types of attacks even after the government-sanctioned data collection program has finished.

Fortunately, there is still hope for people who use security solutions and take the precautions they need to guard their digital lives.

No one is safe from attack, but everyone can be protected

It is possible to protect our digital life by taking several common-sense measures that dramatically limit the success rate of a potential Pegasus attack:

  • Install applications from legitimate sources only. Avoid installing apps sent as links over messaging platforms, as they may be compromised.
  • Always install OS updates and security patches as soon as they become available. If you are planning to leave the country for a vacation or business trip, make sure that your device is fully patched before you leave your home. Most mobile phones don’t download bulky updates via 4G, particularly when roaming on a foreign network.
  • Set a pin- or pattern-based lock screen to prevent unauthorized physical access to your device.
  • Regularly check which apps have device administrator privileges on your device and revisit your security choices if needed.

It's easy to think we're all set if we have all these boxes checked. But attackers have been known to deploy zero-day vulnerabilities, which means they've managed to compromise fully patched and up-to-date devices.

This is also why you need a security solution to automate security decisions. Bitdefender Mobile Security app on iOS or Bitdefender Mobile Security for Android first identified the Pegasus spyware back in 2017 and, over the years, we have constantly improved detection to keep up with this ever-improving spyware framework.

While mobile platforms give the impression of heightened security, Pegasus is a stark reminder that, as long as your device connects to the internet, it will never be safe as-is. The need for security solutions is now more evident than ever.

tags


Author



Right now

Top posts

What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read
Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

Curious about Omegle? Here’s how the roulette-style chat platform can threaten your online privacy and security

July 07, 2022

5 min read
Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo Marketing lists for crypto customers stolen in data breach at marketing platform Klaviyo
Alina BÎZGĂ

August 09, 2022

2 min read
What is medical identity theft and how to protect against it What is medical identity theft and how to protect against it
Alina BÎZGĂ

July 27, 2022

2 min read
SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach SSNs, drivers’ licenses and government IDs exposed in Oklahoma City Housing Authority data breach
Alina BÎZGĂ

July 26, 2022

1 min read