This story is part of
Decoding the Pegasus verdict

Explained | Pegasus, the spyware that came in via WhatsApp

How does Pegasus come into your phone, and how safe are you?

October 31, 2019 08:58 pm | Updated July 20, 2021 12:22 pm IST



In May 2019, WhatsApp identified that a bug in the app’s call function was used to install a malicious code into users’ phones. On October 29, it identified the malicious code as Pegasus , a spyware developed by an Israeli company, NSO. WhatsApp and its parent company Facebook have sued NSO in a U.S. court.

How does Pegasus come into your phone?

The code is transmitted by calling the target phone on WhatsApp. The code enters the phone even if the call is not answered. According to some reports, the log of that call gets erased. According to The Citizen’s Lab of the University of Toronto, which worked with WhatsApp on identifying spyware victims, this is only one of the ways of delivering Pegasus. It notes several other cases such as alarming SMSs that prompt targets to click on a link

What does Pegasus do?

Once installed, Pegasus can send the target’s contacts, calendar events, phone calls on and messages on communication apps like WhatsApp and Telegram to the spyware’s controller. It could steal messages from even services that offer encryption because it was taking the messages before the encryption process, according to anti-malware service Kaspersky. The controller can also turn the phone into a spying device by switching on its camera or microphone.

Who was targeted?

According to reports, over 100 human-rights activists, lawyers, and journalists were targeted across the globe. This included several lawyers and journalists in India.

Are you safe?

According to Kaspersky, Apple’s iOS security update 9.3.5 take care of the vulnerability exploited by Pegasus. Google, in a earlier blogpost, says it identifies infected Android phones and disable the malware and informs the targets.

Top News Today

Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.