2 min read

US Govt Warns Citizens About Pegasus Spyware – Without Saying ‘Pegasus’

Filip TRUȚĂ

January 11, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
US Govt Warns Citizens About Pegasus Spyware – Without Saying ‘Pegasus’

The US National Counterintelligence and Security Center (NCSC) and the Department of State have issued a joint alert warning citizens of zero-click malware that can “access and retrieve virtually all content on a phone.” The advisory doesn’t name any specific malware, but it checks all the boxes that describe NSO Group’s infamous Pegasus spyware.

The alert, titled Protect Yourself: Commercial Surveillance Tools, informs the public that “companies and individuals have been selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.”

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections,” the alert says.

“In some cases, malign actors can infect a targeted device with no action from the device owner,” the advisory continues, likely referencing the zero-click capabilities of Pegasus spyware, which Google researchers have described as a weapon against which there is no defense.

“In others, they can use an infected link to gain access to a device,” the advisory adds.

According to the alert, the cyber-weapons in question can:

• Record audio, including phone calls

• Track a phone’s location

• Access virtually all content on a phone, including text messages, files, chats, commercial messaging app content, contacts and browsing history

The warning comes shortly after Reuters reported that the iPhones of at least nine US State Department employees had been allegedly infected with Pegasus spyware.

In early December 2021, multiple sources told the news agency that the hacks hit US officials either based in Uganda or focused on matters concerning the East African country. The intrusions were said to be the widest known hacks of US officials through NSO Group’s Pegasus spyware.

In late December, researchers from The Citizen Lab – the original ‘whistleblowers’ of Pegasus – reported that threat actors deployed a zero-day attack against iOS 13.5.1 and likely had access to the iPhones of 36 people at Al Jazeera.

Supporting these findings, iPhone maker Apple in November made a crucial first move against NSO Group, hitting the Israeli spyware maker with a lawsuit alleging that Pegasus has enabled extensive state-sponsored hacking of its devices. At the time, Apple also announced plans to hand out $10 million to infosec partners to help fight cyber surveillance abuses.

The US has blacklisted NSO, forbidding it from selling technology in the US and preventing it from acquiring US technology, such as Apple devices.

The NCSC bulletin offers a list of common cybersecurity practices that may mitigate some risks associated with cyber-surveillance tools. Some of it sounds like overkill for regular Joes and Janes, such as covering device cameras, but many of the precautions make for good cybersecurity hygiene – even if you have no reason to believe you’re a target.

tags


Author



Right now

Top posts

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds

December 21, 2021

2 min read
Online Shoppers Beware, Mobile Scams Are on the Rise

Online Shoppers Beware, Mobile Scams Are on the Rise

December 17, 2021

2 min read
The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Data of 500,000 already vulnerable people stolen from Red Cross Data of 500,000 already vulnerable people stolen from Red Cross
Radu CRAHMALIUC

January 20, 2022

1 min read
Printing Giant RR Donnelley Forced into Talks with Conti Ransomware Group to Stave Off Corporate Data Leak Printing Giant RR Donnelley Forced into Talks with Conti Ransomware Group to Stave Off Corporate Data Leak
Filip TRUȚĂ

January 20, 2022

1 min read
Top Five Security Tips for Mac Users in 2022 Top Five Security Tips for Mac Users in 2022
Filip TRUȚĂ

January 19, 2022

4 min read