Israeli firm impersonated Facebook to spread spyware

A recent investigation from a news agency claims that an Israeli security company set up a lookalike domain imitating Facebook's security site to spread the Pegasus hacking tool.

The investigating agency also claims that it found evidence that servers in the USA were used to spread the spying tool.

What is Pegasus Spyware?

Pegasus is spyware that, once installed, can read text messages and other data on the phone, track its location with GPS, and access the microphone and camera. It is said to be the most sophisticated, targeted, and persistent mobile attack ever found on iOS. It is an active, targeted mobile spyware threat that uses three critical and previously unknown (“zero-day”) iOS vulnerabilities. The vulnerabilities, when exploited, form an attack that subverts even Apple’s strong security environment. We call these vulnerabilities “Trident.” Once Pegasus uses the Trident vulnerabilities to infect the device, the spyware causes catastrophic data loss, and can access all messages, calls, emails, logs, and data from apps including end-to-end encrypted applications.

Who do attackers target?

Hackers use this kind of targeted and expensive spyware to attack “high-value” individuals who have access to important, sensitive, and confidential information. The Pegasus attack reported in the media targeted a political activist, but it is also likely being used to attack specific targets for multiple purposes, including high-level corporate espionage.

How can organizations protect themselves?

iPhones in your organization that were already infected before Apple issued the security update need to be:

  1. Identified immediately
  2. Turned off
  3. Reported to your IT Security team

The IT Security team then needs to address the data compromise that has occurred.

