In May 2019, WhatsApp identified that a bug in the app’s call function was used to install a malicious code into users’ phones. On October 29, it identified the malicious code as Pegasus , a spyware developed by an Israeli company, NSO. WhatsApp and its parent company Facebook have sued NSO in a U.S. court.
How does Pegasus come into your phone?
The code is transmitted by calling the target phone on WhatsApp. The code enters the phone even if the call is not answered. According to some reports, the log of that call gets erased. According to The Citizen’s Lab of the University of Toronto, which worked with WhatsApp on identifying spyware victims, this is only one of the ways of delivering Pegasus. It notes several other cases such as alarming SMSs that prompt targets to click on a link
What does Pegasus do?
Once installed, Pegasus can send the target’s contacts, calendar events, phone calls on and messages on communication apps like WhatsApp and Telegram to the spyware’s controller. It could steal messages from even services that offer encryption because it was taking the messages before the encryption process, according to anti-malware service Kaspersky. The controller can also turn the phone into a spying device by switching on its camera or microphone.
Who was targeted?
According to reports, over 100 human-rights activists, lawyers, and journalists were targeted across the globe. This included several lawyers and journalists in India.
Are you safe?
According to Kaspersky, Apple’s iOS security update 9.3.5 take care of the vulnerability exploited by Pegasus. Google, in a earlier blogpost, says it identifies infected Android phones and disable the malware and informs the targets.