• Home
  • Internet
  • Internet News
  • CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications

CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications

In its report, CloudSEK says it investigated the incidents involving fake Pegasus spyware in dark and deep web sources.

CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications

Photo Credit: Unsplash/Clément Hélardot

CloudSEK examined 25,000 Telegram posts and found a large portion claimed to sell Pegasus source code

  • In its advisory, Apple mentioned Pegasus spyware as an example
  • CloudSEK found six unique samples of Pegasus HVNC between 2022-24
  • CloudSEK checked 15 spyware samples, none of which belonged to Pegasus

CloudSEK, a cybersecurity firm, led an investigation after Apple's threat notifications were sent out to iPhone users in 92 countries last month, and found that soon after the advisory was released, the deep and dark web saw a rise of fake Pegasus spyware. Notably, Apple did not name any threat actors in association with its warning, but it did mention Pegasus spyware from the NSO group as an example. CloudSEK believes this could have led to scammers selling fraudulent malware as Pegasus source code.

Details of CloudSEK's investigation

After Apple's warning in April, CloudSEK researchers began delving into the deep and dark web, as well as the surface web to see whether authentic Pegasus spyware was available to purchase or if fraudsters were using its name to swindle potential buyers.

In a report titled “Behind the Advisory: Decoding Apple's Alert and Spyware Dilemma”, the cybersecurity firm stated that it frequented Internet Relay Chat (IRC) platforms. After analysing approximately 25,000 posts on Telegram, researchers found that a major portion of the posts claimed to sell authentic Pegasus source code.

cloudsek telegram pegasus CloudSEK investigation

CloudSEK's investigation in Telegram
Photo Credit: CloudSEK

These sale alert posts followed the same pattern. It used words such as NSO Tools and Pegasus to entice buyers. Interacting with more than 150 potential sellers of such “Pegasus” spyware, the report found that the samples included source code, live video demonstrations of using the malware, and snapshots of the source code. These were all done with names suggesting Pegasus.

Researchers also found six unique samples named Pegasus HNVC (Hidden Virtual Network Computing) posted on the deep web between May 2022 and January 2024, suggesting the proliferation of these samples among threat actors. Similar instances were also found on the surface web.

CloudSEK's findings

The cybersecurity group eventually obtained 15 samples and more than 30 indicators from various sources. However, it found that “nearly all of them have been creating their own fraudulent, ineffective tools and scripts, attempting to distribute them under Pegasus' name to capitalise on Pegasus and NSO Group's name for substantial financial gain.”

It is believed that groups of bad actors have used the sensationalism created by Apple's advisory and multiple news reports mentioning the Pegasus name and used it to sell self-created random samples labelled Pegasus. While these spyware can still be nefarious and harm the victims, they are likely not associated with the NSO Group or Pegasus.

The report has urged critical examination after an incident of a threat attack to correctly attribute the threat actors as it can both help cybersecurity firms in identifying and suggesting reinforcements and will ensure no panic is spread among people.

Is the Samsung Galaxy Z Flip 5 the best foldable phone you can buy in India right now? We discuss the company's new clamshell-style foldable handset on the latest episode of Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Akash Dutta
Akash Dutta is a Senior Sub Editor at Gadgets 360. He is particularly interested in the social impact of technological developments and loves reading about emerging fields such as AI, metaverse, and fediverse. In his free time, he can be seen supporting his favourite football club - Chelsea, watching movies and anime, and sharing passionate opinions on food. More
Google Photos to Reportedly Get New Feature That Turns Videos Into Cinematic Clips
Sam Altman's OpenAI Signs Content Agreement With News Corp
Share on Facebook Gadgets360 Twitter Share Tweet Snapchat Share Reddit Comment google-newsGoogle News


Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »