Pegasus Spyware: The Snooping Spyware by Israeli Firm NSO Group

By Vijay Kumar|Updated : July 22nd, 2021

Pegasus is now at the centre of a global collaborative investigative project that has found that the spyware was used to target, among others, hundreds of mobile phones in India.

Telephone numbers of some 40 Indian journalists figure in a “leaked list of potential targets for surveillance” and forensic tests were said to have “confirmed that some of them were successfully snooped upon by an unidentified agency using Pegasus software The Wire, an independent news website, reported on Sunday night.

Table of Content

Pegasus is now at the centre of a global collaborative investigative project that has found that the spyware was used to target, among others, hundreds of mobile phones in India.

Telephone numbers of some 40 Indian journalists figure in a “leaked list of potential targets for surveillance” and forensic tests were said to have “confirmed that some of them were successfully snooped upon by an unidentified agency using Pegasus software The Wire, an independent news website, reported on Sunday night.

What is Pegasus?

  • It is a type of malicious software or malware classified as spyware.
  • It is designed to gain access to devices, without the knowledge of users, and gather personal information and relay it back to whoever it is that is using the software to spy.
  • Pegasus has been developed by the Israeli firm NSO Group that was set up in 2010.
  • The earliest version of Pegasus discovered, which was captured by researchers in 2016, infected phones through what is called spear-phishing – text messages or emails that trick a target into clicking on a malicious link.
  • Since then, however, NSO’s attack capabilities have become more advanced. Pegasus infections can be achieved through so-called zero-click” attacks, which do not require any interaction from the phone’s owner in order to succeed.
  • These will often exploit zero-day vulnerabilities, which are flaws or bugs in an operating system that the mobile phone’s manufacturer does not yet know about and so has not been able to fix.

How is Pegasus different from other spyware?

  • Pegasus aka Q Suite, marketed by the NSO Group aka Q Cyber Technologies as “a world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract” data “from virtually any mobile devices”, was developed by veterans of Israeli intelligence agencies.
  • A Pegasus brochure described this as Enhanced Social Engineering Message (ESEM). When a malicious link packaged as ESEM is clicked, the phone is directed to a server that checks the operating system and delivers the suitable remote exploit.

What kind of devices are vulnerable?

  • All devices, practically. iPhones have been widely targeted with Pegasus through Apple’s default iMessage app and the Push Notification Service (APNs) protocol upon which it is based.
  • The spyware can impersonate an application downloaded to an iPhone and transmit itself as push notifications via Apple’s servers.

Why it is in News in India?

  • Recently, it has been reported that Pegasus, the malicious software, has allegedly been used to secretly monitor and spy on an extensive host of public figures in India.
  • Human Rights activists, journalists and lawyers around the world have been targeted with phone malware sold to authoritarian governments by an Israeli surveillance firm.
  • Indian ministers, government officials and opposition leaders also figure in the list of people whose phones may have been compromised by the spyware.
  • In 2019, WhatsApp filed a lawsuit in the US court against Israel's NSO Group, alleging that the firm was incorporating cyber-attacks on the application by infecting mobile devices with malicious software.

Steps Taken by Govt. of India

  • Cyber Surakshit Bharat Initiative: It was launched in 2018 with an aim to spread awareness about cybercrime and building capacity for safety measures for Chief Information Security Officers (CISOs) and frontline IT staff across all government departments.
  • National Cybersecurity Coordination Centre (NCCC): In 2017, the NCCC was developed to scan internet traffic and communication metadata (which are little snippets of information hidden inside each communication) coming into the country to detect real-time cyber threats.
  • Cyber Swachhta Kendra: In 2017, this platform was introduced for internet users to clean their computers and devices by wiping out viruses and malware.
  • Indian Cyber Crime Coordination Centre (I4C): I4C was recently inaugurated by the government.
  • National Cyber Crime Reporting Portal has also been launched pan India.
  • Computer Emergency Response Team - India (CERT-IN): It is the nodal agency which deals with cybersecurity threats like hacking and phishing.

Most Common Types of Cyber Attacks

  • Malware: It is short for malicious software, refers to any kind of software that is designed to cause damage to a single computer, server, or computer network. Ransomware, Spyware, worm, viruses, and Trojans are all varieties of malware.
  • Phishing: It is the method of trying to gather personal information using deceptive e-mails and websites.
  • Denial of Service attacks: A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash.
  • Man-in-the-middle (MitM) attacks: Also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction. Once the attackers interrupt the traffic, they can filter and steal data.
  • SQL Injection: SQL stands for Structured Query Language, a programming language used to communicate with databases. Many of the servers that store critical data for websites and services use SQL to manage the data in their databases. A SQL injection attack specifically targets such kinds of servers, using malicious code to get the server to divulge information it normally wouldn’t.
  • Cross-Site Scripting (XSS): Similar to an SQL injection attack, this attack also involves injecting malicious code into a website, but in this case the website itself is not being attacked. Instead the malicious code the attacker has injected, only runs in the user's browser when they visit the attacked website, and it goes after the visitor directly, not the website.
  • Social Engineering: It is an attack that relies on human interaction to trick users into breaking security procedures in order to gain sensitive information that is typically protected.

The candidates can also get free video classes on General Awareness & Current Affairs by the Experts. Click here for Free Video Classes

Attempt here IBPS RRB Mock Test 2021 to analyze your performance & improve your score.

Join IBPS RRB Online Coaching to crack the exam with good marks.

What will you get in this course?

  • 200+ Interactive Live Classes for complete conceptual clarity
  • 10000+ Practice Questions covering all levels of difficulty
  • 35+ Full-Length Mock Tests & 150+ PDFs
  • Full coverage of Quant, Reasoning, English, Hindi, Computer & GA

Click here to access Test Series

Why BYJU'S Exam Prep Test Series?

  • One-stop solution for practising 14+ Bank and Insurance Exam mock tests.
  • Mock Tests designed by Exam Experts as per the Latest Pattern.
  • AIR and In-depth Performance Analysis. 
  • Covers Shortcuts, Tricks & Tips to solve the questions.
  • 40000+ Students have cleared competitive exams at various stages.

Best of luck for the exam.

Sahi prep hai toh life set hai. 

Posted by:

Vijay KumarVijay KumarMember since Sep 2015
Vijay is working as Community Manager for Banking & SSC exams, Expert Contributor for GA & Computer
Share this article   |

Comments

write a comment
Anuj Shrivastava
Very informative.. thanku team gradeup

FAQs

  • Gradeup is now BYJU'S Exam Prep that offers the most comprehensive preparation for all exams. Get Monthly/Weekly Current Affairs, Daily GK Update, Online Courses, Latest Pattern Test Series and detailed Study Material from the top faculty at your fingertips. Want to learn more? Do not hesitate to contact our customer care here.

  • Practically all gadgets. Apple's default iMessage app and the Push Notification Service (APNs) protocol, on which Pegasus is built, have been routinely used to attack iPhones.

    • Cyber Surakshit Bharat Initiative
    • National Cybersecurity Coordination Centre (NCCC)
    • Cyber Swachhta Kendra
    • Indian Cyber Crime Coordination Centre (I4C)
    • National Cyber Crime Reporting Portal 
    • Computer Emergency Response Team - India (CERT-IN): 


  • Malware, which is short for malicious software, is any software that is designed to harm a single machine, server, or computer network. Malware includes ransomware, spyware, worms, viruses, and Trojans.

  • Structured Query Language (SQL) is a computer language for communicating with databases. SQL is used to handle the data on many of the servers that store essential data for websites and services. A SQL injection attack is a type of attack that uses malicious code to trick a server into divulging information it wouldn't ordinarily divulge.

PO, Clerk, SO, Insurance

BankingIBPS ClerkNABARDSBI PONainital BankNIACL AOIDBIApprenticeHPSCBSBI ClerkIBPSLICESICJAIIBBNPBSCBPSCBRBIOtherQuick LinkMock Test
tags :PO, Clerk, SO, InsuranceGeneral AwarenessUnion Bank SO ExamNRA CET Nainital BankUnion Bank of India SOSBI CBO

PO, Clerk, SO, Insurance

BankingIBPS ClerkNABARDSBI PONainital BankNIACL AOIDBIApprenticeHPSCBSBI ClerkIBPSLICESICJAIIBBNPBSCBPSCBRBIOtherQuick LinkMock Test
tags :PO, Clerk, SO, InsuranceGeneral AwarenessUnion Bank SO ExamNRA CET Nainital BankUnion Bank of India SOSBI CBO

Follow us for latest updates