Pegasus was developed by the Tel Aviv, Israel-based cyber intelligence and security firm NSO Group. The spyware, believed to have been around at least since 2016, is said to be known by other names as well, like Q Suite and Trident.
Considered the most sophisticated among all such products available in the market, it can infiltrate iOS, Apple’s mobile phone operating system, and Android devices.
Pegasus was meant to be used by governments on a per-license basis. In May 2019, its developer had limited sales of Pegasus to state intelligence agencies and others.
The home page of NSO Group’s website says the company creates technology that “helps government agencies” prevent and investigate terrorism and crime to save thousands of lives around the globe.
The company’s human rights policy includes “contractual obligations requiring NSO’s customers to limit the use of the company’s products to the prevention and investigation of serious crimes, including terrorism, and to ensure that the products will not be used to violate human rights”.
However, NSO has been accused in the past of using Pegasus to snoop on people.
In late 2019, WhatsApp, the Facebook-owned messaging service, confirmed that some 1,400 of its users in 20 countries, including Indian journalists and activists, had been targeted by Pegasus in May that year.
WhatsApp said the spyware exploited its video calling system and a specific vulnerability to send malware to the mobile devices. The vulnerability has since been patched.
NSO allegedly first created fake WhatsApp accounts, which were then used to make video calls. When an unsuspecting user’s phone rang, the attacker transmitted the malicious code and the spyware got auto-installed in the phone even if the user did not answer the call.
Through Pegasus, the attacker then took over the phone’s systems, gaining access to the user’s WhatsApp messages and calls, regular voice calls, passwords, contact lists, calendar events, phone’s microphone, and even the camera.
NSO Group has, however, denied any wrongdoing. It claimed to sell Pegasus only to “vetted and legitimate government agencies”.
With inputs from NDTV