Pegasus spyware was reportedly used to spy on Indians, a new report said.
In 2019, WhatsApp raised the issue when it accused Israeli spy detectives the NSO Group of its spy Pegasus allegedly used to arrest journalists, activists, lawyers and senior government officials in 20 countries around the world, including India.
In May 2019 WhatsApp has revealed that it has contacted several Indian users who are believed to be responsible for illegal logging using Pegasus spyware.
Although the alleged use of Pegasus came after WhatsApp sued the NSO Group, the use of Pegasus has long been suspected in the WhatsApp cyberattack which was first reported in 2019.
What is Pegasus and how does it affect devices?
According to The Citizen Lab at the University of Toronto, which has assisted WhatsApp with an investigation into cyber attacks, Pegasus is the leading spyware of the NSO Group based in Israel.
It is believed to be known by other names as well, such as Q Suite and Trident.
Pegasus reportedly has the ability to access both Android and iOS devices and uses multiple hacking methods on targeted mobile devices, including using zero-day exploits.
In the case of WhatsApp, Pegasus said he used the risk in WhatsApp VoIP which is used to place video and audio calls. The lost call on WhatsApp allowed Pegasus to gain access to the target device.
The Citizen Lab notes that Pegasus has used other methods in the past to get inside the target tool, such as finding a target by clicking on a link using social engineering or using fake package notifications to install spyware.
Pegasus has been around since 2016 and is believed to have been used to identify Indians in the past.
What can Pegasus do?
Pegasus is a piece of spyware with various functions and as soon as it is installed on the target device, it starts communicating with the control servers, which can send commands to collect data from the infected device.
Pegasus can steal information such as passwords, contacts, messages, calendar details, and even voice calls made using messaging apps.
Additionally, it can capture and use the camera and phone microphone and use GPS to track live location.
Who was hacked using Pegasus in India?
The specifics of how many people have entered India using Pegasus via WhatsApp are unclear.
However, a WhatsApp spokesperson confirmed to Gadget 360 that Indian users were among those contacted by the company regarding a cyber attack in May 2019.
“We have sent a special WhatsApp message to an estimated 1,400 users who have reason to believe they were affected by the [May 2019] attack to inform them directly of what happened,” WhatsApp wrote on her blog.
WhatsApp owned by Facebook also never said anything about who was the cause of the cyber attacks and illegal trafficking.
NSO Group has also denied any wrongdoing and the company says it only sells spyware “to government-tested and legal entities.”
