Pegasus

Malware updated an hour ago (2024-11-21T11:31:39.823Z)

Download STIX

Preview STIX

Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detection by antivirus software. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. In a recent revelation, it was found that zero-day vulnerabilities fixed by Apple were used to deliver this spyware. The NSO Group developed additional tools named Heaven and Eden to interact with WIS (WhatsApp Internet Services) in such a way as to trigger Pegasus downloads on target phones via WhatsApp. This interaction has been at the center of legal disputes, with WhatsApp lawyers arguing that NSO Group should be held liable for Pegasus due to its direct involvement in customer use of the spyware tool. Court documents reveal that NSO Group repeatedly developed and used exploits for abusing WhatsApp's servers to install Pegasus on target devices, including after WhatsApp had sued the company over the issue in October 2019. These revelations are part of an ongoing lawsuit that WhatsApp filed against NSO Group in 2019 after discovering the Israeli firm had used WhatsApp servers to distribute Pegasus to some 1,400 mobile phones, including those belonging to journalists and human rights activists. WhatsApp's lawyers have argued that NSO Group is solely responsible for Pegasus’s unauthorized access to their servers, controlling every aspect of the data retrieval and delivery process through its design of Pegasus. Despite these accusations, NSO Group remains confident that these claims will be proven wrong in court.

Description last updated: 2024-11-21T10:32:47.871Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Spyware

Malware

NSO Group

Ios

Exploit

Apple

Zero Day

Vulnerability

Exploits

Tool

nso

Google

Android

Russia

Imessage

Macos

Encryption

Government

Sextortion

Kaspersky

State Sponso...

Phishing

European

Espionage

Cytrox

Ransom

Apt

Chrome

Cybercrime

Ransomware

Windows

Social Media

Scammer

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Predator Malware is associated with Pegasus. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites a	Unspecified	7
The Predator Spyware Malware is associated with Pegasus. Predator Spyware is a malicious software known for its extensive data-stealing and surveillance capabilities. It has been designed to exploit and damage devices, often infiltrating systems via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal	Unspecified	2
The Lockbit Malware is associated with Pegasus. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Peach Sandstorm Threat Actor is associated with Pegasus. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover	Unspecified	2

Associated Vulnerabilities

To see the evidence that has resulted in these vulnerability associations, create a free account

Alias Description	Association Type	Votes
The Blastpass Vulnerability is associated with Pegasus. Blastpass is a significant software vulnerability that was revealed in September 2023 by Citizen Lab. The flaw, which resides in Apple's software design and implementation, has been exploited by attackers to infiltrate devices with Pegasus spyware. The exploit is particularly potent as it uses a zer	Unspecified	5
The Pwnyourhome Vulnerability is associated with Pegasus. The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhone	Unspecified	2
The CVE-2023-41061 Vulnerability is associated with Pegasus. CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery	Unspecified	2
The CVE-2023-41064 Vulnerability is associated with Pegasus. CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (	Unspecified	2

Source Document References

Information about the Pegasus Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
DARKReading	5 hours ago	WhatsApp: NSO Group Operates Pegasus Spyware for Customers
InfoSecurity-magazine	2 months ago	Google Street View Images Used For Extortion Scams
BankInfoSecurity	2 months ago	Apple Moves to Dismiss Suit Against Spyware Firm NSO Group
DARKReading	2 months ago	Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets
BankInfoSecurity	2 months ago	More US Sanctions Against Predator Spyware Maker Intellexa
InfoSecurity-magazine	2 months ago	Apple to Drop Spyware Lawsuit Over Security Concerns
Securityaffairs	2 months ago	Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure
InfoSecurity-magazine	2 months ago	Poland’s Supreme Court Blocks Pegasus Spyware Probe
Securityaffairs	2 months ago	Predator spyware operation is back with a new infrastructure
DARKReading	2 months ago	Commercial Spyware Use Roars Back Despite Sanctions
InfoSecurity-magazine	2 months ago	Spyware Vendors' Nebulous Ecosystem Helps Them Evade Sanctions
Malwarebytes	3 months ago	“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home \| Malwarebytes
InfoSecurity-magazine	3 months ago	Civil Rights Groups Call For Spyware Controls
Krebs on Security	3 months ago	Sextortion Scams Now Include Photos of Your Home
InfoSecurity-magazine	3 months ago	Russian Hackers Use Commercial Spyware Exploits to Target Victims
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
DARKReading	4 months ago	Sophisticated Android Spyware Targets Users in Russia
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
BankInfoSecurity	a year ago	New iPhone Exploit Technique Evades Lockdown Mode Function
CERT-EU	9 months ago	Tainted NSO Group gets involved in another data privacy controversy