Hackers are selling fake Pegasus spyware source code, says CloudSEK. Learn how to protect yourself from this cyber scam.
Contextual AI platform CloudSEK's latest research report reveals a worrying trend: threat actors on the dark web are widely misusing the name of NSO Group's Pegasus spyware for financial gain, and almost all of the samples identified were fake.
This development is in line with Hackread's recent report on Apple's warning of a "mercenary spyware" attack on April 10, 2024. The tech giant revealed how such an attack affected iPhone users in 92 countries, highlighting that state actors or private companies can create mercenary spyware, such as Pegasus.
What is Pegasus Spyware?
Pegasus is a powerful and invasive spyware associated with serious attacks on journalists, activists and even government officials. It can steal data, track location, and even activate phone microphones for eavesdropping.
Following Apple's advice, CloudSEK researchers began analyzing Dark and Deep Web sources for incidents involving the NSO Group name and the Pegasus spyware. They analyzed 25K Telegram posts, over 150 potential Pegasus sellers, 15 samples, and 30+ indicators from HUMINT and underground platforms.
Their analysis revealed that threat actors are offering fake Pegasus source code, tools, and scripts for hundreds of thousands of dollars. Most posts follow a standard template in which illicit services are advertised as Pegasus or other NSO tools in order to make money.
"Threat actors are creating their own tools and scripts, distributing them under the Pegasus name to capitalize on its fame for financial gain," explains the report's author, Anuj Sharma.
For example, Deanon ClubV7, a Telegram (TG) group, obtained legitimate access to Pegasus and offered permanent access for USD 1.5 million. Within two days, they sold four accesses, earning USD 6,000,000.
The researchers also noted that the perpetrators deployed malware to compromise users' devices, using the Pegasus name to entice victims into downloading malicious programs. Abuse of a surface-web code-sharing platform was also observed, where the perpetrators spread randomly generated fake source code labelled as Pegasus spyware.
Don't be fooled by the name
This incident highlights how scammers can use the Pegasus name and supposed source code as a lure to distribute specially crafted malware. If you encounter a suspicious offer, do not respond to the email or message, and do not click on the link provided. Report the incident to the platform where it occurred or to a trusted cybersecurity organization.