Pegasus

Malware updated a month ago (2024-11-29T13:43:42.528Z)
Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detection by antivirus software. The malware can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. In a recent revelation, it was found that zero-day vulnerabilities fixed by Apple were used to deliver this spyware. The NSO Group developed additional tools named Heaven and Eden to interact with WIS (WhatsApp Internet Services) in such a way as to trigger Pegasus downloads on target phones via WhatsApp. This interaction has been at the center of legal disputes, with WhatsApp lawyers arguing that NSO Group should be held liable for Pegasus due to its direct involvement in customer use of the spyware tool. Court documents reveal that NSO Group repeatedly developed and used exploits for abusing WhatsApp's servers to install Pegasus on target devices, including after WhatsApp had sued the company over the issue in October 2019. These revelations are part of an ongoing lawsuit that WhatsApp filed against NSO Group in 2019 after discovering the Israeli firm had used WhatsApp servers to distribute Pegasus to some 1,400 mobile phones, including those belonging to journalists and human rights activists. WhatsApp's lawyers have argued that NSO Group is solely responsible for Pegasus’s unauthorized access to their servers, controlling every aspect of the data retrieval and delivery process through its design of Pegasus. Despite these accusations, NSO Group remains confident that these claims will be proven wrong in court.
Description last updated: 2024-11-21T10:32:47.871Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Spyware, Malware, NSO Group, Ios, Whatsapp, Apple, Exploit, Zero Day, Exploits, Vulnerability, nso, Tool, Imessage, Android, Russia, Macos, Encryption, Government, Google, Bitcoin, Scammer, Sextortion, Kaspersky, State Sponso..., Phishing, European, Eu, Espionage, Cytrox, Ransom, Apt, Chrome, Cybercrime, Ransomware, Windows, Telegram, Social Media, Aws
Analyst Notes & Discussion
Associated Malware
Alias | Association Type | Votes
Predator (Malware) | Unspecified | 7
The Predator Malware is associated with Pegasus. Predator is a highly invasive malware known for its extensive data-stealing and surveillance capabilities. The malicious software, developed by the Intellexa Consortium, a complex international network of decentralized companies, can infect systems through suspicious downloads, emails, or websites a...
Predator Spyware (Malware) | Unspecified | 2
The Predator Spyware Malware is associated with Pegasus. Predator Spyware is a malicious software known for its extensive data-stealing and surveillance capabilities. It has been designed to exploit and damage devices, often infiltrating systems via suspicious downloads, emails, or websites without the user's knowledge. Once inside, it can steal personal ...
Lockbit (Malware) | Unspecified | 2
The Lockbit Malware is associated with Pegasus. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or...
Associated Threat Actors
Alias | Association Type | Votes
Peach Sandstorm (Threat Actor) | Unspecified | 2
The Peach Sandstorm Threat Actor is associated with Pegasus. Peach Sandstorm, also known as Curious Serpens, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN, is a threat actor linked to the Iranian Islamic Revolutionary Guard Corps (IRGC). Active since at least 2013, this espionage group has primarily targeted aerospace and energy sectors, alongside gover...
Associated Vulnerabilities
Alias | Association Type | Votes
Blastpass (Vulnerability) | Unspecified | 5
The Blastpass Vulnerability is associated with Pegasus. Blastpass is a significant software vulnerability that was revealed in September 2023 by Citizen Lab. The flaw, which resides in Apple's software design and implementation, has been exploited by attackers to infiltrate devices with Pegasus spyware. The exploit is particularly potent as it uses a zer...
Pwnyourhome (Vulnerability) | Unspecified | 2
The Pwnyourhome Vulnerability is associated with Pegasus. The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhone...
CVE-2023-41061 (Vulnerability) | Unspecified | 2
The CVE-2023-41061 Vulnerability is associated with Pegasus. CVE-2023-41061 is a significant software vulnerability that was discovered in Apple's Wallet frameworks. This flaw allows for remote code execution, making it possible for malicious actors to execute arbitrary code on vulnerable devices through the manipulation of a "validation issue". The discovery...
CVE-2023-41064 (Vulnerability) | Unspecified | 2
The CVE-2023-41064 Vulnerability is associated with Pegasus. CVE-2023-41064 is a software vulnerability, specifically a buffer overflow issue found in the iOS ImageIO component. This flaw was discovered and reported by researchers at Citizen Lab in early September. It was being actively exploited as part of an exploit chain, along with another vulnerability (...
Source Document References
Information about the Pegasus Malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created
Securityaffairs | 16 days ago
DARKReading | 16 days ago
DARKReading | a month ago
InfoSecurity-magazine | 3 months ago
BankInfoSecurity | 3 months ago
DARKReading | 3 months ago
BankInfoSecurity | 3 months ago
InfoSecurity-magazine | 3 months ago
Securityaffairs | 3 months ago
InfoSecurity-magazine | 3 months ago
Securityaffairs | 4 months ago
DARKReading | 4 months ago
InfoSecurity-magazine | 4 months ago
Malwarebytes | 4 months ago
InfoSecurity-magazine | 4 months ago
Krebs on Security | 4 months ago
InfoSecurity-magazine | 4 months ago
Securityaffairs | 4 months ago
DARKReading | 5 months ago
Securityaffairs | 5 months ago