The renowned international human rights group, Amnesty International, along with the international investigative journalism initiative, Project Pegasus, recently reported that the Pegasus spyware is still widely used against high-profile targets. The spyware, created by Israeli cyber-arms company NSO Group, has targeted more than 50,000 phone numbers belonging to journalists, activists, opposition politicians, and business people.
What is Pegasus Spyware?
In today’s age of digitalization, cyberattacks have become a common way to attack enemy countries, opposition politicians, activists, and journalists. The Israeli cyber-arms company known as NSO Group developed spyware that can perform remote surveillance of mobile phones. Spywares are basically malicious software that can enter your smartphones, gather all your data, and transfer to a third party, all without your consent.
Pegasus is often regarded as the most powerful spyware ever created in the world. This spyware can easily and covertly infiltrate your mobile phones — running most versions of iOS and android — and turn into a surveillance device. The spyware can help to monitor calls, texts, web searches, and even track the targets’ location. Furthermore, this spyware also enables the agencies to hijack the target’s microphone and camera.
The latest report from Project Pegasus revealed that the latest version of spyware can infect all modern versions of iOS, including the latest iOS 14.6. Pegasus often exploits the bugs and vulnerabilities of both iOS and Android devices and installs itself on them. The previous version of the spyware used a method called spear-fishing to spy on the targets. However, the latest version can infect through missed WhatsApp calls and over a wireless receiver placed near a target.
NSO Group has been marketing spyware as a method to spy on terrorists and track criminals. The spyware company sells the spyware only to government agencies and charges millions of dollars from them. NSO Group charged around $500,000 as an installation fee and $650,000 to infect any 10 devices. The company, along with the governments that bought the software, denied the claims reported by Project Pegasus.
How you can check your phone for the malicious Pegasus spyware using Amnesty’s tool?
Amnesty International’s cybersecurity team had a major part in revealing the attacks of the spyware developed by NSO. Now, the non-government human rights agency has developed a tool to check whether your device has been infiltrated by military-grade spyware. TechCrunch reported that it will normally take 10 minutes to make the tool fully operational. You will need some amount of technical skill and patience to find out if you are being monitored by Pegasus.
As you may have heard, @amnesty has released mat-detect. an amazing tool for detecting whether your device has evidence that it may have been touched by the Pegasus spyware. In this thread I am going to tell you about my experience and lessons using this tool one iOS. (1/13) pic.twitter.com/pJRTv4FVPf
— Ray [REDACTED] (@RayRedacted) July 21, 2021
Before we begin, it is absolutely vital that you only download utilities and instructions from their official sources. So lets start with the links: (2/13)https://t.co/CtIg0E2r0Hhttps://t.co/8YS6nPuXwIhttps://t.co/PeEDhxDCuO
— Ray [REDACTED] (@RayRedacted) July 21, 2021
The toolkit, named Mobile Verification Toolkit (MVT), is command-line or terminal-based and works on both iOS and Android. The process involves backing up your data to a separate device and checking for any indicators of compromise on that backup. MVT works best on iPhones and even if your iPhone backup is encrypted, MVT can help to decrypt it and run a check for spyware. However, the analysis on android devices is limited, but MVT can still check suspicious SMSes and malicious APKs.
The first thing that you will need to do is to make a backup of your mobile device on a Mac or PC. Amnesty’s instructions can be a great help to Linux users, on how to create the backup using “libimobiledevice” command-line tool. Now, after getting a backup file, you will need to install Amnesty’s MVT software. To run MVT on Mac, you will need to download Xcode and homebrew and install them. Amnesty has shared the instructions on how to install dependencies and run the MVT program on your devices.
However, Amnesty provides a program that can run only on macOS and Linux. If you are looking to run the tool on your windows then you will have to do another process, before installing MVT. Windows users can download Windows Subsystem for Linux (WSL), which uses Linux Distro like Ubuntu. This would take some time, but you can install the WSL while you wait for your phone to complete the backup process.
Stay Updated With Stanford Arts Review For Latest Updates