You have surely come across some reference to Pegasus in the last few hours, mainly because of the reports of spying on the mobile phones of Roger Torrent and Ernest Maragall. For some people the name is already familiar, as this is not the first time it has made headlines. Others are hearing it for the first time (or have heard it before but do not remember it) and are wondering what it is, what it consists of, and why it ended up on the mobile phones of these two politicians in particular.
To understand it, the first thing to clarify is that Pegasus is not run-of-the-mill malware. That is, it is not one of those pathogens that someone one day sends to X email addresses or posts on a web page, waiting for it to spread massively and infect thousands or even millions of systems. No, this Trojan is distributed in a different way, since it is used exclusively for fully targeted attacks. In other words, if someone is attacked with Pegasus, it is because “someone” wanted that specific person to be spied on.
This is where we have to talk a little about this type of attack and explain that, unlike most cyber threats, some, like Pegasus, are used strategically against very specific targets, as the two Catalan politicians are in this case. An important aspect is that, unlike common cyberattacks, in this case the parties that hire the services of the professionals who carry out the attacks can also be (and in fact this is more common than you might think) “legitimate” entities.
And now let’s talk about Pegasus specifically. As we already told you at the time, Pegasus is a spyware Trojan developed by the Israeli company NSO Group that attacks Android and iOS devices and that, as Amnesty International denounced at the time, is being used against human rights activists by various countries, among them Mexico, Kazakhstan and Saudi Arabia.
NSO Group presents itself as a cybersecurity company whose services can only be contracted by public entities, and it claims to put its tools at the service of state security. Neither companies nor individuals can, at least in theory, request the use of Pegasus to spy on a given person. The problem is that, as has been denounced for years, there are enough signs that the company is not very demanding about the profile of its clients. In other words, undemocratic regimes can, wallet in hand, hire its services.
The same goes for the motivations for spying with Pegasus. As I mentioned earlier, it has been used to spy on human rights activists. It was also used, for example, to spy on Jeff Bezos’s mobile phone. It would be really interesting to know at whose request and for what purpose. Of course, one may be for or against Amazon’s policies, but a priori they do not appear to be a threat to the security of any country or its citizens.
As for its technology, Pegasus is a very, very advanced tool that is also in constant evolution. Once it reaches the victim’s smartphone, it performs a complete analysis of the device and, with the information obtained, downloads and installs the components it needs to start spying on the user. It has multiple masking functions to make detection difficult, and if it is unable to connect to the malware’s control server to exfiltrate the data, it can even delete itself to avoid detection.