Bogus Pegasus Spyware Surges After Apple Warning: CloudSEK Report



An investigation led by cybersecurity firm CloudSEK revealed alarming findings following Apple’s threat notifications to iPhone users in 92 countries last month. The advisory raised concerns about the Pegasus spyware, without naming specific threat actors. However, the mention of NSO Group’s Pegasus as an example prompted a surge in fake Pegasus spyware on the deep and dark web.

CloudSEK’s thorough investigation delved into various web platforms to determine the authenticity of the alleged Pegasus spyware. The cybersecurity firm monitored Internet Relay Chat (IRC) platforms and analyzed over 25,000 posts on Telegram. Shockingly, a significant number of posts claimed to sell genuine Pegasus source code, enticing potential buyers with names like NSO Tools and Pegasus.

CloudSEK researchers interacted with approximately 150 potential sellers to investigate the samples further. They discovered that six unique samples named Pegasus HVNC (Hidden Virtual Network Computing) were posted on the deep web between May 2022 and January 2024. These findings indicated a proliferation of fraudulent Pegasus samples among threat actors, raising concerns about potential cyber threats.

Despite obtaining 15 samples and over 30 indicators from various sources, CloudSEK found that most of them were fraudulent and ineffective tools created by bad actors to exploit the sensationalism surrounding Apple’s advisory. These fake spyware samples, while possibly harmful, are not linked to the NSO Group or authentic Pegasus spyware.

The report emphasized the importance of accurately attributing threat actors following a cyber incident to aid cybersecurity firms in identifying and suggesting necessary reinforcements. Moreover, precise attribution helps prevent unnecessary panic among the public, ensuring that misinformation and fear do not spread.

It is essential for individuals and organizations to remain vigilant and exercise caution in the face of potential cyber threats. By staying informed and following secure practices, users can protect themselves from falling victim to cybercriminals seeking to exploit vulnerabilities for financial gain.

Overall, CloudSEK’s investigation sheds light on the prevalence of fake Pegasus spyware in the aftermath of Apple’s threat advisory, highlighting the need for continued vigilance and proactive measures to safeguard against cyber threats in today’s digital landscape.


Copyright © citizenjar.com