MADRID, May 4. (Portaltic/EP) –
Despite being one of today’s most elusive pieces of ‘spyware’, the Pegasus espionage program leaves a series of indicators on the devices it has targeted that can alert victims, such as overheating or system slowdown.
This malicious ‘software’, linked to the Israeli company NSO Group, is more topical than ever because it has allegedly been used to spy on the President of the Government, Pedro Sánchez, and pro-independence politicians.
Pegasus collects information from a device and transmits it to an external entity without the consent or knowledge of the owner of the device, whether it is a mobile phone, a computer or a tablet.
This ‘spyware’ is characterized by the fact that once it has entered a device, through a text message (SMS) or a fraudulent link, it installs itself and erases its traces after being activated.
In this way, it can continue to steal information and access different user content, such as data from WhatsApp, Facebook or email services and browsers, without the victims having the slightest knowledge of what is going on on their devices.
Some of the actions for which this spyware has become world famous include tracking the location of the victim, collecting photographs and other files, and controlling different elements of the device.
In addition, Pegasus is capable of detecting who these people have been with, as well as sending and receiving messages autonomously and recording conversations by manipulating the infected device.
The main difference between Pegasus and other malicious software is that it uses some Zero Day vulnerabilities, that is, those unknown to users or manufacturers.
On the other hand, Pegasus is capable of infecting users’ devices without their authorization, an action known as Zero Click, since no action is required for the spyware to install.
“These types of vulnerabilities are usually very expensive on the black market and they are only available to companies or attackers with many resources, as seems to be the case with NSO Group”, said the director of Systems Engineering of Fortinet Spain and Portugal, José Luis Laguna, in statements collected by Europa Press.
Along these lines, Laguna has insisted that it is necessary to go beyond the behaviors already identified in other ‘spyware’ and analyze abnormal behavior of commonly used devices.
This is because, despite being a stealthy ‘spyware’, Pegasus offers some visible signs that may lead potential victims to suspect that they have been attacked, even though it is “frankly difficult” to get around this malicious agent.
“If, for example, the device suddenly works slower than normal, if it hangs often. If there is excessive data consumption when we are not using it, it is also an indicator,” said the Fortinet manager.
Likewise, the fact that the battery life is getting shorter and shorter can also be a sign that this ‘malware’ is working in the background on that device, since if it is installed, not only is the device’s battery life reduced, but the device also overheats.
KEYS TO AVOID BEING A VICTIM OF PEGASUS
Despite the fact that Pegasus works stealthily and its identification on an infected device is very difficult, there are a number of measures that users should take into account to avoid becoming its victims.
As is often the case with this and the rest of the ‘malware’ known up to now, extreme precautions must be taken and double checks must be made every time personal and confidential information is provided.
To make sure a site is legitimate, it is recommended to type its address in the web browser instead of clicking on the link that we have received, even though this means taking an extra step and not directly accessing the service.
On the other hand, Fortinet is starting to use behavior-based device protection ‘software’, that is, the tools known as Endpoint Detection and Response (EDR). This is because traditional antiviruses find it more difficult to detect so-called Zero Day threats.
Another of the determining aspects to keep the system safe is to have the latest software versions installed, so that vulnerabilities from previous updates are fixed.
It is also important to check the permissions that are granted to applications each time they are downloaded, since it is necessary to watch whether, for example, the ‘software’ requests the use of the microphone when in fact it does not need it.
It is also not advisable to connect to public or open WiFi networks, since attackers could emulate the names of those networks, capture our traffic and install ‘spyware’.
INDIVIDUALS AND COMPANIES
An investigation by the media consortium Forbidden Stories and Amnesty International highlighted last year that around 50,000 phones could be the target of this spy software, which was originally created to combat terrorism.
This analysis determined that the ‘software’ had managed to enter the devices of journalists, activists and politicians around the world both to obtain the personal information of the owners and to control their movements.
However, this ‘spyware’ has been proven to be capable of infecting any device, whether it belongs to public figures, companies or other anonymous users.
So much so that Meta, then Facebook, denounced NSO in 2020 and accused it of infecting, in 2019, a network of servers in the United States to ‘hack’ hundreds of ‘smartphones’ and spy on some 1,400 targets via WhatsApp.