CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications 5lg3u Technology News

In its report, CloudSEK says it investigated the incidents involving fake Pegasus spyware in dark and deep web sources. 3y7o

Written by Siddharth Suvarna | Updated: 24 May 2024 12:08 IST

CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications

Photo Credit: Unsplash/Clément Hélardot 3p2640

CloudSEK examined 25,000 Telegram posts and found a large portion claimed to sell Pegasus source code

Highlights

In its advisory, Apple mentioned Pegasus spyware as an example
CloudSEK found six unique samples of Pegasus HVNC between 2022-24
CloudSEK checked 15 spyware samples, none of which belonged to Pegasus

ment

CloudSEK, a cybersecurity firm, led an investigation after Apple's threat notifications were sent out to iPhone s in 92 countries last month, and found that soon after the advisory was released, the deep and dark web saw a rise of fake Pegasus spyware. Notably, Apple did not name any threat actors in association with its warning, but it did mention Pegasus spyware from the NSO group as an example. CloudSEK believes this could have led to scammers selling fraudulent malware as Pegasus source code.

Details of CloudSEK's investigation 1q1c4w

After Apple's warning in April, CloudSEK researchers began delving into the deep and dark web, as well as the surface web to see whether authentic Pegasus spyware was available to purchase or if fraudsters were using its name to swindle potential buyers.

In a Telegram, researchers found that a major portion of the posts claimed to sell authentic Pegasus source code.

CloudSEK's investigation in Telegram
Photo Credit: CloudSEK

These sale alert posts followed the same pattern. It used words such as NSO Tools and Pegasus to entice buyers. Interacting with more than 150 potential sellers of such “Pegasus” spyware, the report found that the samples included source code, live video demonstrations of using the malware, and snapshots of the source code. These were all done with names suggesting Pegasus.

Researchers also found six unique samples named Pegasus HNVC (Hidden Virtual Network Computing) posted on the deep web between May 2022 and January 2024, suggesting the proliferation of these samples among threat actors. Similar instances were also found on the surface web.

CloudSEK's findings 3ay4k

The cybersecurity group eventually obtained 15 samples and more than 30 indicators from various sources. However, it found that “nearly all of them have been creating their own fraudulent, ineffective tools and scripts, attempting to distribute them under Pegasus' name to capitalise on Pegasus and NSO Group's name for substantial financial gain.”

It is believed that groups of bad actors have used the sensationalism created by Apple's advisory and multiple news reports mentioning the Pegasus name and used it to sell self-created random samples labelled Pegasus. While these spyware can still be nefarious and harm the victims, they are likely not associated with the NSO Group or Pegasus.

The report has urged critical examination after an incident of a threat attack to correctly attribute the threat actors as it can both help cybersecurity firms in identifying and suggesting reinforcements and will ensure no panic is spread among people.

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

links may be automatically generated - see our ethics statement for details.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Pegasus

Akash Dutta Email Akash Dutta

Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In hi... more »