2 min read

US Govt Warns Citizens About Pegasus Spyware – Without Saying ‘Pegasus’

Filip TRUȚĂ

January 11, 2022

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
US Govt Warns Citizens About Pegasus Spyware – Without Saying ‘Pegasus’

The US National Counterintelligence and Security Center (NCSC) and the Department of State have issued a joint alert warning citizens of zero-click malware that can “access and retrieve virtually all content on a phone.” The advisory doesn’t name any specific malware, but it checks all the boxes that describe NSO Group’s infamous Pegasus spyware.

The alert, titled Protect Yourself: Commercial Surveillance Tools, informs the public that “companies and individuals have been selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.”

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections,” the alert says.

“In some cases, malign actors can infect a targeted device with no action from the device owner,” the advisory continues, likely referencing the zero-click capabilities of Pegasus spyware, which Google researchers have described as a weapon against which there is no defense.

“In others, they can use an infected link to gain access to a device,” the advisory adds.

According to the alert, the cyber-weapons in question can:

• Record audio, including phone calls

• Track a phone’s location

• Access virtually all content on a phone, including text messages, files, chats, commercial messaging app content, contacts and browsing history

The warning comes shortly after Reuters reported that the iPhones of at least nine US State Department employees had been allegedly infected with Pegasus spyware.

In early December 2021, multiple sources told the news agency that the hacks hit US officials either based in Uganda or focused on matters concerning the East African country. The intrusions were said to be the widest known hacks of US officials through NSO Group’s Pegasus spyware.

In late December, researchers from The Citizen Lab – the original ‘whistleblowers’ of Pegasus – reported that threat actors deployed a zero-day attack against iOS 13.5.1 and likely had access to the iPhones of 36 people at Al Jazeera.

Supporting these findings, iPhone maker Apple in November made a crucial first move against NSO Group, hitting the Israeli spyware maker with a lawsuit alleging that Pegasus has enabled extensive state-sponsored hacking of its devices. At the time, Apple also announced plans to hand out $10 million to infosec partners to help fight cyber surveillance abuses.

The US has blacklisted NSO, forbidding it from selling technology in the US and preventing it from acquiring US technology, such as Apple devices.

The NCSC bulletin offers a list of common cybersecurity practices that may mitigate some risks associated with cyber-surveillance tools. Some of it sounds like overkill for regular Joes and Janes, such as covering device cameras, but many of the precautions make for good cybersecurity hygiene – even if you have no reason to believe you’re a target.

tags


Author



Right now

Top posts

How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read
Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

Snake Keylogger Returns in Malspam Campaign Disguised as Business Portfolio from IT Vendor

August 30, 2022

2 min read
What is medical identity theft and how to protect against it

What is medical identity theft and how to protect against it

July 27, 2022

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read
Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find Some Phone Manufacturers Didn't Implement Vital Security Patch for ARM Mali GPU, Google Researchers Find
Silviu STAHIE

November 29, 2022

1 min read
Apple Users Report Seeing Other People's Photos When Using iCloud for Windows Apple Users Report Seeing Other People's Photos When Using iCloud for Windows
Silviu STAHIE

November 25, 2022

1 min read