June 2, 2022
Security
13 min read

What Is Pegasus Spyware? Everything You Need To Know

Pegasus is powerful spyware used to compromise privacy and security. Used by governments, it is targeted at high-ranking people or journalists.

Ross K.
Security Expert
The world shivers when it hears the name Pegasus. It's the modern-day boogeyman of the digital world and can do unfathomable amounts of damage to your personal and/or business data. In this article, we will dive a bit deeper into it and try to understand how it works, what it does and how you can better protect yourself from it.
Trust us, it's well worth reading: if Pegasus manages to get into your device and you're unprepared, there is almost no way to get rid of it, because you probably won't even know it's there.

First things first - What is Pegasus Spyware?

Pegasus is a form of licensed spyware that can infect both iOS and Android devices. Once Pegasus is on your device, it can do everything from stealing your private photos and videos to turning on your microphone and recording your conversations. Pegasus can even track your movements and read your texts. Pegasus is the stuff of nightmares, and it's becoming all too real for an increasing number of people. It's the crème de la crème of spyware, and it's so sophisticated and well developed that it's actually a very profitable business for the NSO Group - an Israeli cyber intelligence company.
Yup, you can license Pegasus and do your own work with it. Keep in mind that a yearly license costs anywhere between 7 and 8 million USD (estimates as of 2022, since no official pricing is published). Yes, that is far more than the likes of your antivirus software or things like Netflix. So, as you can already see, Pegasus is very high-end, focusing on very wealthy customers who are concerned with gathering intel via spyware or looking to enforce counterintelligence measures. These are primarily governments and billionaires. The main industries that Pegasus should focus on are:
  • Governmental Institutions
  • Law Enforcement
  • Military Organizations
  • Secure Private Companies
In an ethical sense, a tool with such powers should not be exploited for gaining unfair advantages or for spying against business rivals, etc. However, in recent times, there have been so many violations of privacy reported with all evidence pointing to spies and hackers exploiting Pegasus to steal sensitive personal and/or political information from people.

How does Pegasus spread?

Pegasus is usually spread through text messages that contain a link to what appears to be a legitimate website, or an image, a file, etc. But it's more sophisticated than that. Any mid-level phisher can make a legitimate-looking but fake website or send a file. Where Pegasus shines is its ability to manipulate and override your system controls and defenses. Even though a shroud of secrecy surrounds the inner workings of Pegasus spyware, we can understand a few steps of how it works. Pegasus usually tries to manipulate connections to send links to victims via trusted sources (e.g. making it look like they came from someone in their contacts).
Once the victim clicks on the link, downloads the file or takes any action, the deed is done. If they're redirected to a website, the download and install of the spyware could already have been triggered in the background. If the victim downloads a file or photo, the download can deliver that very photo with the Pegasus spyware along with it. Since Pegasus is remotely controlled, even if your device is infected with it, that doesn't mean that you're a target. The goal of the hackers and attackers is to locate the victim and to install the software on their device, so you can be just an intermediary stop.

How can I tell if I have Pegasus on my device?

Unfortunately, there is no sure-fire way to tell if your device has been infected with Pegasus. The software is super-clever and semi-autonomous. It can adapt to different devices and different operating systems. It can also lie dormant for a long time, until it receives commands from the NSO Group's servers. It usually gathers data during the night, whenever you're not using your phone or when you're charging it, so you won't notice any slowdown or fast battery drainage.
However, there are some tell-tale signs that may give it away. Keep in mind that there can be a million other reasons for these symptoms. Because Pegasus is so advanced, noticing it manually is nearly impossible, but for the sake of completeness, here are things to look at.
If your device suddenly starts behaving oddly, or you notice unexpected battery drainage, data usage, or overheating, then it's possible that you have Pegasus on your device. Another possibility is that you may notice new apps on your device that you don't remember installing, or find that the settings on your device have been changed without your knowledge.
If you think that you may have been infected with Pegasus, the best thing to do is to factory reset your device and start from scratch. This will remove any traces of the spyware from your device and hopefully protect you from any further attacks. Yet, the spyware is clever on this end too. If it senses even the smallest chance of potential risk, it auto-destructs, leaving absolutely no trace for you to focus on.

Famous uses of Pegasus

Jeff Bezos and Saudi prince incident

A few years back, a huge scandal erupted when Jeff Bezos, then the world's richest man, was at the center of a major leak revealing very personal text conversations between him and a woman who appeared to be his mistress. Even though we can't be certain, it seems that this was the catalyst in the divorce between the Amazon CEO and his wife, causing damage to not only his personal life, but also his company. The leaks were posted on various news outlets and sent shockwaves around the world.
But the question was, who leaked those messages? Was it his competitors in online retail? Was it his betrayed wife or angry family members? Nope. It seems like it was the Crown Prince of Saudi Arabia. Apparently, he was trying to teach the American billionaire a lesson for allowing the Washington Post (which Bezos owned) to publish articles that were undermining the Saudi royal family's prestige.
Hackers, at the request of the Crown Prince, were able to install Pegasus on Bezos' iPhone X through a WhatsApp message that he personally received from Saudi Arabia's Crown Prince Mohammed bin Salman. Once the spyware was installed, it gave the hackers access to Bezos' entire phone, including his private messages, photos, contacts, and location data. And that was that.

Catalan political leaders

As you may know, Catalunya, a region in Spain, has very strong local autonomy sentiments and a very unique identity. However, it is always struggling against Spain's central government, which is trying to prevent Catalunya from gaining too much independence and seceding from the Kingdom. So, it is in Spain's best interest to keep the Catalan political leaders on a short leash. However, the people of this region are very vocal and express their support for the pro-independence politicians.
And how do you defeat someone who has the support of the people? Of course, by using top-of-the-range spyware to steal sensitive information from them.
In 2019, several Catalan political leaders were targeted by Spanish intelligence services in an attempt to prevent them from holding an independence referendum. It is believed that the Spanish government used NSO Group's Pegasus spyware to target these individuals in order to gather information about their plans and activities.

Summary

As you can see, Pegasus is no joke. If someone decides to target you with it, they can essentially do whatever they want with your device, without you even knowing. They can access your private messages, photos, contacts, and location data. In the wrong hands, this information can be used to blackmail you or ruin your reputation, or even to attack you, put you in jail, steal from you, etc.
You can watch a video on YouTube by the Guardian to find out more about the workings of this spyware.

How can I better protect myself from spyware and tracking?

If you're not a high-ranking politician with a lot of enemies, a journalist in an authoritarian country continuously exercising your right to free speech and writing non-governmental publications, or a very rich person, chances are you will never be targeted by someone who uses Pegasus. However, we feel we should tell you more about how you can better protect yourself from threats like Pegasus and others.
Pegasus is a very sophisticated piece of spyware that is only available to government agencies and other authorized entities. However, there have been a few instances where the NSO Group is believed to have sold their software to criminals and other unauthorized individuals. But there are plenty of other tools that are more commonly used by cybercriminals around the world.
If you think you may be targeted by someone who wants to use spyware or tracking software against you, there are a few things you can do to better protect yourself:
  • Use a security-focused mobile operating system like GrapheneOS.
  • Use a reputable security app like Malwarebytes.
  • Keep your software and apps up to date. Most of the time, Pegasus and other spyware are transferred via regular apps like WhatsApp, Messenger, Facebook or Telegram by exploiting vulnerabilities in the current and/or past builds.
  • Be careful about the links and attachments you open, even if they come from people you know and trust. In general, don't click on links or attachments unless you're absolutely sure they're safe.
  • Keep an eye out for strange activity on your device, like unusual battery drainage or data usage, new apps appearing, etc.
  • If you think your device has been compromised, factory reset it.
  • When using apps, make sure they encrypt your data end-to-end (like Kraden messenger does).
We also wrote a separate blog post on dealing with a phone that's potentially or 100% hacked. Give it a read to find out more on how to act in an emergency and to best protect your data.

GrapheneOS - Hardened OS, focused on security

GrapheneOS is a very secure, hardened Android-based mobile operating system, compatible with Android apps. GrapheneOS is built and designed with security in mind. It's one of the most secure mobile operating systems available and it's super difficult to hack. As of now, GrapheneOS is probably the only technical solution that offers a somewhat viable defense against Pegasus.
It's open-source, which means that anyone can contribute to its development or audit its code to make sure there are no backdoors or other security vulnerabilities. GrapheneOS improves the privacy and security of the OS from top to bottom.
Since GrapheneOS is based on Android, it's compatible with all Android apps and you can even use the Play Store to install them. Even though Pegasus is likely to be continuously updated, GrapheneOS is too. So, GrapheneOS is your best bet at decent protection from the most dangerous spyware in the world. As the developers imply, Pegasus won’t be able to penetrate this mobile OS as easily as it could other operating systems.
It deploys technologies to mitigate whole classes of vulnerabilities and make exploiting the most common sources of vulnerabilities substantially more difficult. It improves the security of both the OS and the apps running on it. The app sandbox and other security boundaries are fortified. GrapheneOS does a great job at it. There is practically no negative impact to the user experience, even with the abundance of privacy and security features.
If you're really worried about someone using Pegasus against you or if you're just generally concerned about your privacy and security, we recommend switching to GrapheneOS right away. You can install it on your Google Pixel phone (all models are supported) or on a Chromebook that has been converted into a "Pixelbook". It will take only a few minutes, up to 10, of your time.
You can read more about GrapheneOS in our recent blog post.

Kraden Messenger - Ensure better protection for yourself

For those who are worried about their privacy and security with or without Pegasus Spyware in the picture, the Kraden app should come to the top of the priority list.
Kraden is a secure messaging app that offers end-to-end encryption for all your conversations as well as total anonymity. It enforces Zero Storage, Zero Knowledge and Zero Trust architectures. This means 3 things.
  • We neither require nor store any part of your personal information, messages, shared files or logs on our servers. That’s Zero Storage.
  • No one, not even Kraden developers, can read your messages or listen to your calls, and you can control who you interact with. That’s Zero Knowledge.
  • No trust by default means that our system architecture is protected from many exploits that rely on vulnerabilities which exist only because of trust-by-default designs. That’s Zero Trust.
Since Pegasus and most other spyware spreads via file or link sharing, Kraden is a great option to better protect yourself. The app only runs on Google Pixel devices with GrapheneOS, so you get the best base security right away. Besides, in Kraden you can communicate with the people you know and/or trust, so you can be sure that the threat of such spyware spreading is much lower.

Conclusion

In short, Pegasus is a very powerful and sophisticated spyware that can be used to compromise your privacy and security in a variety of ways. In fact, it can steal or gather all kinds of data from your phone without you even knowing. If you think you may be targeted by someone who wants to use it against you, there are a few things you can do to protect yourself.
First and most important, consider switching to GrapheneOS. Always update your apps and software to prevent exploits. Prioritize apps that encrypt your data by default. Next, remain vigilant about the links and attachments you open, even if they come from people you know and trust. Don’t forget to keep an eye out for strange activity on your device which may indicate it has been infected. And finally, factory reset your device if you think it's been compromised. Being concerned about your privacy and security in this day and age shows awareness and smarts. With tools like Pegasus spreading around, it’s better to be safe than sorry.
A security and IT company on a mission to make everyone’s privacy a default.
© 2022 Dragon Secure GmbH. Bahnhofstrasse 32, 6300, Zug, Switzerland
info@kraden.com