50,000 plus targeted by NSO Groups Spyware

In July 2021 it was reported that spyware developed by the Israeli NSO Group was used to hack into the phones of thousands of people, including journalists, activists, politicians and business executives.

Most spyware or targeted malware, relies on malicious apps, user installations or physical access to the device itself for successful operations. However, NSO’s Pegasus can remotely compromise the device with little to no user interaction, as the spyware utilises flaws in the software’s code that have not been brought to the notice of its developers, thereby, leaving it vulnerable to exploitation by hackers.

The NSO (or anyone with access to the software) can deliver the spyware by sending the victim a link which when opened infects the phone, this then runs silently and without any interaction at all through a “zero-click” exploit, which takes advantage of vulnerabilities in the iPhone’s software and can can access all of the data on a person’s phone.

The software once installed on a victims phone, allows an attacker complete access to the device’s messages, emails, media, microphone, camera, calls and contacts.

The NSO had claimed that its spyware was undetectable and only used for legitimate criminal investigations. However the findings of the investigation by Amnesty Internationals Security Lab found that this statement was totally untrue.

A leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism non-profit Forbidden Stories and researchers from Amnesty International Security Labs analysed the phones of dozens of victims to confirm that they were targeted by the NSO’s spyware.


A tool has now been developed that will allow techies to detect whether a device has been infected, so if you are unsure whether or not you may have been compromised it might be worth speaking to your IT security or data forensics team.


A few simple rules to keep you safe

  • Don’t click on third party links even if they look genuine
  • Don’t download apps that haven’t been checked
  • Don’t open any documents or files that you can’t verify the source of

You should also be aware that resetting your phone to factory settings doesn’t always clear out an infection, this is because much of the software is integrated into the phone, plus your sim card also stores information such as telephone numbers, SMS messages, billing information and data usage, so spyware could also store itself on your sim.


LINKS

All you need to know about the Pegasus spyware

Forensic Methodology Report: How to catch NSO Group’s Pegasus

Massive data leak reveals Israeli NSO Group’s spyware used to target activists, journalists, and political leaders globally

MSA Tech Tools can be found here