Pegasus: a spyware that leaves no trace

NEW DELHI: For spyware, you can do anything. The cunning underground invader can capture all items from any mobile device without leaving an electronic trail, just with a missed call.

A close look at the complaint filed in a California court against NSO Group, the Israeli technology firm that developed Pegasus, reveals the extent to which spyware can collect data from an affected device.

What happened through the function and addressed at least 1,400 users was first reported in May.

WhatsApp had announced an immediate update on May 13 after identifying a vulnerability that could allow an attacker to insert and execute code on mobile devices. He had called spyware an example of a highly sophisticated attack at that time.

The 111-page complaint, filed in the United States District Court in California, against the Israeli developer who is also known as Q Cyber ‚Äč‚ÄčTechnologies, alleges that targeted users included lawyers, journalists, rights activists humans, political dissidents, diplomats and other senior officials of the foreign government.

The complaint holds NSO responsible for breach of contract and alleges that it has violated several laws of the state of California.

WhatsApp has alleged that the defendant (OSN) has damaged his reputation, public trust and goodwill and caused damages in excess of $ 75,000 and in an amount that will be proven at trial.

The investigation, detailed in the WhatsApp complaint, found that between approximately January 2018 and May 2019, Defendants created WhatsApp accounts that they used and caused them to be used to send malicious code to target devices in April and May 2019.

The accounts were created using telephone numbers registered in different counties, including Cyprus, Israel, Brazil, Indonesia, Sweden and the Netherlands.

Between approximately April 29, 2019 and May 10, 2019, the defendants caused their malicious code to be transmitted through WhatsApp servers in an effort to infect approximately 1,400 target devices. Target users had WhatsApp numbers with country codes from several countries, including the Kingdom of Bahrain, United Arab Emirates and Mexico. According to public reports, Defendants' clients include, among others, government agencies in the Kingdom of Bahrain, United Arab Emirates and Mexico, as well as private entities. add.

According to the complaint, Pegasus is capable of monitoring at three levels: initial data extraction, passive monitoring and active collection.

Pegasus was designed, in part, to intercept communications sent to and from a device, including communications via iMessage, Skype, Telegram, WeChat, Facebook Messenger, WhatsApp and others, WhatsApp explained in its written submission.

He adds that spyware leaves no trace on the device, consumes a minimum consumption of battery, memory and data and comes with a self-destruct option that can be used at any time.