“”Pegasus” is spyware for “iOS” and “Android”. In 2016, an “iOS” version of “Pegasus” was discovered. Later, a version was also found for “Android”, which is slightly different from that for “iOS” devices.
One of the main infection schemes is this: The victim receives an “SMS” with a “link” and if he “clicks” on it, his device becomes infected with “spyware”. In addition —according to public information— in order to infect “iOS”, spyware exploits “zero-day” vulnerabilities found in the system”,
underlines, among others, Dmitry Galov, security researcher at “Kaspersky’s Global Research and Analysis Team”, on “Pegasus”.
He notes:
“Even when we studied “Pegasus” for “Android” in 2017, it was possible to read the victim’s “SMS” and “emails”, listen to calls, take screenshots, record keystrokes and access contacts and browser history. And it’s not just his functionality. It is also worth noting that “Pegasus” is a rather complex and expensive malware, designed to spy on people of particular interest, so the average user is unlikely to address it.
In addition, it is known that to infect “iOS”, “spyware” exploits “zero-day” vulnerabilities detected in the system. These are vulnerabilities that the developer is unaware of and that have not yet been fixed, but which can be exploited by cybercriminals to carry out a variety of types of attacks, including targeted attacks against specific organizations or individuals. Both “spyware” and “zero-day” vulnerabilities can be sold and purchased by various groups on the “darknet”. The price of vulnerabilities can reach $2.5 million; that’s the amount offered in 2019 for the full “Android” vulnerability chain. Interestingly, that year, for the first time, an “Android” vulnerability proved more expensive than an “iOS” vulnerability.
The best way to stay protected from such tools is to provide as much information as possible about these cases to relevant software and security providers. Software developers will fix vulnerabilities exploited by intruders and security providers will take steps to identify and protect users from them.“
concludes the security researcher in Kaspersky’s Global Research and Analysis Team.
Source:
(Συνολικές Επισκέψεις: / Total Visits: 20)
(Σημερινές Επισκέψεις: / Today's Visits: 1)