BACKGROUND
An extortion scam is being spread through spam emails, claiming to have compromised the recipient's phone by using a 'zero-click' vulnerability to install the Pegasus spyware.
The scammer says they have been using the spyware to monitor the user's activities, extract messages, photos and emails, record calls, and secretly activate their camera or microphone to record videos of them during their "most private moments". The email warns that if the requested payment is not made, the videos will be published or sent to the victim's family, friends and business associates.
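The email described above follows a recognisable template (a Pegasus/zero-click claim, a camera-recording claim, an exposure threat, a payment demand with a deadline and a cryptocurrency wallet). The following is an added example, not part of this advisory, of how a mail-filtering or SOC triage script could score an incoming message against those indicators. The indicator list, weights, threshold and both sample emails (including the wallet-like string) are constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Indicators drawn from the extortion template described in the advisory.
# Each entry: (name, compiled regex, weight). Weights are assumptions for this example.
INDICATORS = [
    ("claims_pegasus", re.compile(r"\bpegasus\b", re.I), 3),
    ("claims_zero_click", re.compile(r"zero[- ]?click", re.I), 2),
    ("claims_camera_recording", re.compile(r"\b(camera|webcam|microphone)\b", re.I), 2),
    ("threatens_exposure", re.compile(r"\b(family|friends|contacts|colleagues|associates)\b", re.I), 1),
    ("payment_demand", re.compile(r"\b(bitcoin|btc|usd)\b|\$\s?\d{3,}", re.I), 2),
    ("deadline", re.compile(r"\b\d{1,3}\s*(hours|days)\b", re.I), 1),
    # Shape of a bech32 or legacy Bitcoin address; matches the format only, not validity.
    ("crypto_wallet", re.compile(r"\b(bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b"), 3),
]

# Score at or above which a message is flagged (assumed value for this example).
THRESHOLD = 7


@dataclass
class Verdict:
    score: int = 0
    matched: list = field(default_factory=list)
    is_extortion_scam: bool = False


def score_email(subject: str, body: str) -> Verdict:
    """Score a message against the indicator list and flag it if the total reaches THRESHOLD."""
    text = f"{subject}\n{body}"
    verdict = Verdict()
    for name, pattern, weight in INDICATORS:
        if pattern.search(text):
            verdict.score += weight
            verdict.matched.append(name)
    verdict.is_extortion_scam = verdict.score >= THRESHOLD
    return verdict


# Constructed sample: an extortion email in the style the advisory describes.
SCAM_SAMPLE = (
    "I have recorded you",
    "Hello. I installed Pegasus spyware on your phone using a zero-click exploit. "
    "For months I watched you through your camera and microphone and I have videos "
    "of your most private moments. Send 1500 USD in Bitcoin to "
    "1AbCdEfGhJkMnPqRsTuVwXyZ2345678912 within 48 hours or I will send the videos "
    "to your family, friends and business associates.",
)

# Constructed sample: a benign newsletter that mentions the same keywords without the
# extortion structure, to show the score stays below the threshold.
BENIGN_SAMPLE = (
    "Weekly security digest",
    "This week's reading: an analysis of the Pegasus spyware and zero-click exploit "
    "chains. Patch your devices.",
)


if __name__ == "__main__":
    for label, (subject, body) in (("scam", SCAM_SAMPLE), ("benign", BENIGN_SAMPLE)):
        v = score_email(subject, body)
        print(f"{label}: score={v.score} flagged={v.is_extortion_scam} matched={v.matched}")
```

The benign sample still scores on the Pegasus and zero-click keywords alone, which is why a single-keyword rule would produce false positives on security newsletters and news coverage; the weighted combination (threat, demand, deadline, wallet) is what separates the scam template from ordinary mail mentioning the same terms.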
MODUS OPERANDI
Pegasus is spyware that can be installed through a zero-click attack, which requires no interaction from the user. To deliver a zero-click attack, the attackers look for vulnerabilities in the phone's operating system or in any of the apps installed on it. The attacker then delivers the exploit code to the target device inside a hidden text message or image file. Once the device is compromised, the message that was used to exploit it deletes itself, removing traces of the intrusion.
IMPACT
- Compromise of phones
- Leakage of personal and confidential information
SYSTEMS AFFECTED
- While iOS devices are the common target, Android devices are also vulnerable.
RECOMMENDATIONS
- Do not panic, and do not pay the ransom.
- Ensure that your operating system and all installed apps are up to date.
- Use a separate device to change the passwords of all the online services and applications that were used on the infected device.
- Since a factory data reset of a smartphone does not remove the Pegasus spyware, the only way to be completely rid of Pegasus is to discard the affected phone.
BEST PRACTICES
- Install antivirus or anti-malware software on your device and keep it updated.
- Do not click any suspicious links that are sent from unknown sources.
- Avoid downloading third-party apps or installing apps by lesser-known developers.
- Avoid doing any confidential work on a smartphone suspected of infection until the spyware has been completely removed.
- If you receive a phishing email, mark it as spam and delete the email immediately.
- Browse safely. Do not visit unknown or suspicious websites.