A security vulnerability on WhatsApp helped hackers install Pegasus spyware
By exploiting a severe WhatsApp vulnerability, hackers found an ability to install surveillance malware, called Pegasus spyware. The vulnerability helped these cybercriminals to install the virus remotely and without any notice because the only thing they had to do is to make WhatsApp audio call and have it answered. Fortunately, the flaw has already been patched and WhatsApp users are encouraged to update the app immediately to eliminate any risk.
Pegasus spyware is an infamous threat developed by Israeli company known as NSO group. When installed on the system, it could access the victim's camera, microphone, emails, and messages to collect the user data or spy on the victim. The malware targeted people even a few days before the patch. Fortunately, it was blocked by WhatsApp and investigation started.
Hackers took advantage of the security bug to install Israeli spyware Pegasus
The Pegasus spyware was developed by Israeli-based NSO Group to help governments and companies investigate their employees and other parties. However, hackers misused the app to use the flaw named CVE-2019-3568 to launch a specific code on WhatsApp. It is not clear how long this vulnerability was available or how many people got affected. However, the report on Facebook is stating that there are numerous Android and iOS devices having the issue:
The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
According to WhatsApp, the vulnerability was discovered in early May, and it took ten days to make necessary alterations to the application to disable this attack. However, the flaw has been successfully exploited to install Pegasus or other spyware and steal information from targeted phone users with only one call, even when it was not answered.
The malware made needed changes to hide its activity. It was found that it erased details about incoming calls and also deleted associated logs to operate without notice.
Not the first attack using Pegasus spyware to steal personal data
The bug was accidentally discovered by WhatsApp developers when they decided to improve the security of the voice calls. At first, engineers were surprised by the information that many users got calls from an unfamiliar number. Later on, it was discovered that such calls are related to the malicious code which is launched automatically.
NSO, known as Pegasus providers, have said that they are not operating their technology after selling it to governments seeking to spy on citizens:
We investigate any credible allegations of misuse and if necessary, we take action, including shutting down the system. Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies. NSO would not or could not use its technology in its own right to target any person or organisation, including this individual.
Pegasus spyware has already been deployed to hack journalists, lawyers, and other dissidents. In 2016, spyware was used in an attack on Emirati human rights activist and 2018, 12 TV journalists got affected while investigating a scandal regarding Mexican President.