Pegasus : Zero Click Attack Spyware

The Hackers Meetup
5 min readJul 23, 2021

A spyware called Pegasus which is birthed by an Israeli group NSO was used to spy on and collect information of many important people in the likes of hundreds of business executives, religious figures, academics, NGO employees, union officials, and government officials of at least 11 countries with India being one of them. According to the reports this malware is bought by the government only. This means that the NSO only sells this malware to the government to spy on targeted people. In this case or we can say this time, this malware was mainly injected into journalists’ phones. However, as per the company, “NSO licenses Pegasus to sovereign states and state agencies, does not operate Pegasus,has no visibility into its usage, and does not collect information about customers”.

A spyware is as we know a malware designed to spy on people using devices. The victim remains oblivious to it thanks to the spyware’s stealth ability. Spyware can be introduced into the victim’s system without their informed consent. Malicious spyware has the ability to infiltrate, capture data and send the data to it’s originator. The spyware can even self-destruct if and when needed making it very difficult for the investigators to trace the malicious software.

How Pegasus Works?

Pegasus the spyware was installed into the phone of the targets even without them knowing via popular messaging platform WhatsApp. The spyware can be sneaked into the phone via a simple missed call to the user. Now, all the hacker has to do is delete the call log for it to be untraceable in the future. The users wouldn’t know of the spyware’s existence because of this high level secrecy. After deploying the malware, it can even read messages and listen to audio messages, both of which are encrypted. It is also worth noting that this malware can even switch on the video and microphone of the device without the user knowing which can record everything in the phone’s vicinity.

Before Deploying the malware:

After deploying the malware:

Pegasus has been a buzzword since 2016 when an activist from UAE got a suspicious message. Since then, it has been in the limelight for being one of the most stealthy malwares. It has ever since evolved and now taken the look of a simple voice call you may or may not have received because of its ability to delete its own call log from the device. It has again come into limelight in July 2021 when the information became public.

Brief history of Pegasus:

Forensics Methodology Report

A Forensic methodology report by Amnesty international has taken us through how the injection has been taken out in the past.

“Numerous public reports had identified NSO Group’s customers using SMS messages with Pegasus exploit domains over the years. As a result, similar messages emerged from our analysis of the phone of Moroccan activist Maati Monjib, who was one of the activists targeted as documented in Amnesty International’s 2019 report.

However, on further analysis we also noticed suspicious redirects recorded in Safari’s browsing history. For example, in one case we noticed a redirect to an odd-looking URL after Maati Monjib attempted to visit Yahoo:”

Courtesy: Amnesty international

Reaction of Indian Government

The Indian Government has rubbished the claims by IT minister Ashwini Vaishnaw saying “In India there is a well-established procedure through which lawful interception of electronic communication is carried out in order for the purpose of national security, particularly on the occurrence of any public emergency or in the interest of public safety, by agencies at the Centre and States. The requests for these lawful interceptions of electronic communication are made as per relevant rules under the provisions of section 5(2) of Indian Telegraph Act ,1885 and section 69 of the Information Technology (Amendment) Act, 2000.

Each case of interception, monitoring, and decryption is approved by the competent authority i.e. the Union Home Secretary. These powers are also available to the competent authority in the state governments as per IT (Procedure and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009.”

Even the NSO group has said in its statement “the list showing the countries using Pegasus is incorrect and many countries mentioned are not even our clients. They also claimed that most of its customers are western countries.

How to keep yourself safe from Pegasus?

After getting to know about this, Apple was quick to act and provided its customers with an update which patched all the three vulnerabilities Pegasus was using. Pegasus for Android was also spotted in Turkey, Kenya, Nigeria, UAE, and other countries.

So what can you possibly do to evade these kinds of attacks? Although it is impossible to evade hacking because with growing technology, hackers are getting smarter by upgrading their tools as well. You can still follow some of these steps to minimize the possibility of getting hacked:

● Update your software whenever available and keep an eye out for security patches.

●Only download from authorized sources.

● If you observe any malicious file in your device, don’t open it. Instead, delete it permanently since most malwares are activated by clicking on them.

● Use the latest version of encryption techniques.

● Turn off your device when not in use.

● Get yourself a decent antivirus.

● Update your antivirus as and when needed.

● Create a strong password. Don’t use words or numbers which can be easily guessed.

● Always password protect your WiFi network.

● Avoid using public WiFi as long as possible as attacks can take place easily through these networks.

● Always check for the padlock and ‘https’ in the address bar while browsing.

Blog Written by Shreya Chakrabarty Linkedin



The Hackers Meetup

Initiative of @viralparmarhack to provide a proper platform for cyber security researchers & like-minded people to establish a community.