Pegasus Software - What is it and how does it work?

Posted by FunInformatique 7 minutes of reading
pegasus what is how works
pegasus what is how works

Last updated: February 11, 2023

Pegasus still talk about him. It is apparently used so frequently by various governments around the world. Indeed, some cases of hacking of phones by Pegasus are frequently reported every few months.

Today, most communications applications now use end-to-end encryption by default, providing impenetrable protection for online conversations. However, this poses a challenge for governments when it comes to monitoring. To meet this need, Pegasus was created.

What is Pegasus?

Pegasus is a spyware for iOS et Android developed by the Israeli company NSO Group, specializing in the development of spyware.

Pegasus software is intended for use only by governments to monitor people suspected of terrorism or other serious crimes. However, in reality it is equally used by democratic and authoritarian regimes to follow journalists, political opponents and human rights activists.

Once installed, Pegasus can collect sensitive data, such as passwords, text messages, calls, photos, audio files, etc. It can also activate the camera and microphone to record the target's activities in real time. Additionally, Pegasus can be used to track the target's geolocation, control user actions on the phone, and even deploy other malware on the device.

Pegasus spyware installation methods?

Pegasus can be installed on a target device in several different ways, including:

Zero Day Attack

A zero-day attack is a computer vulnerability that can be exploited by hackers before developers are aware of its existence and take steps to fix it.

In this specific case, the attack occurs when a call is made via whatsapp or another VoIP application to a target phone. If the vulnerability is present, the Pegasus malicious code can be installed on the phone, even if the person never answered the call.

The fact that the installation occurs even if the person never answered the call is what makes this kind of attack dangerous. The phone user has no idea their device has been compromised, meaning an attacker can collect sensitive information without being detected.

Spear phishing attack

Spear phishing attack is a sophisticated and dreadful way to get Pegasus spyware installed on a target device. It targets a specific person using information manipulation techniques to convince them to click on a malicious link. This link can be sent by SMS, iMessage or WhatsApp.

The latter appears to come from a trusted source, but in reality, it exploits software vulnerabilities to discreetly install Pegasus on the target's device.

This method is particularly pernicious because it relies on the target's trust and naivety to succeed. Attackers can use target-specific information to make their attack more convincing, and the target can be tricked into thinking they are receiving a legitimate message.

It is therefore crucial to be vigilant and not click on links from unreliable or unknown sources.

Network injection attack

Network injection attack is a dangerous tactic used to compromise mobile phones without user consent. By using this technique, the attacker can change the behavior of the mobile phone to redirect it towards downloading, for example, Pegasus without the interaction of the targeted person.

To carry out this attack, an attacker needs to monitor and manipulate the target's internet traffic. This can be done using a device called an “IMSI Catcher”.

Un IMSI Catcher is a technical device that can be used to monitor mobile communications in a given area by simulating a mobile phone network. Nearby mobile devices then connect to this fictitious network instead of their real network, allowing the IMSI Catcher to monitor and collect communications information, including location data, phone numbers called.

The Powerful Features of Pegasus Spyware

Pegasus spy software can do many things to spy on a cell phone user:

  • Collect personal information: Pegasus may collect information such as text messages, phone calls, emails, photos, etc.
  • Track location: Pegasus can track the user's geographic location in real time. The attacker knows where the user is at all times.
  • Record conversations: Pegasus can record audio and video conversations, even voice calls on WhatsApp, Viber, Skype, etc.
  • Access the camera and microphone: Pegasus can access the phone's camera and microphone. Indeed, the attacker can listen and see what is happening around the user.
  • Take full control of the phone: Pegasus can take full control of the phone, which means the person controlling Pegasus can do whatever they want with the phone, like send messages, erase data, etc.

Conclusion

In conclusion, Pegasus is a very powerful spy software which can collect lots of information about a cell phone user including messages, calls, locations, audio and video conversations etc. He can also take full control of the phone.

However, it is important to note that using this kind of software without the user's permission is illegal in many countries and may violate the user's privacy and rights. Therefore, it is important to take security measures to protect personal information and data online.

Those who liked this article also liked these:


  1. Exploring Metasploit: A Beginner's Guide
  2. Disposable phone: What is it and how does it work?
  3. How to protect your privacy on the internet?
  4. How to root your phone Android ?
  5. How to access your phone Android with a broken screen?
  6. You Can Finally Change Your Snapchat Username: Here's How