CloudSEK Report Highlights the Surge of the Fake Pegasus Spyware Following Apple’s Threat Notifications


CloudSEK, a cybersecurity firm, led an investigation after Apple's threat notifications were sent to iPhone users in 92 countries last month and found that, shortly after the warning was issued, the deep web and dark web saw an increase in fake Pegasus spyware. Notably, Apple did not name any threat actors in relation to its warning, but it did mention the NSO Group's Pegasus spyware as an example. CloudSEK believes this could have led scammers to sell fraudulent malware as Pegasus source code.

CloudSEK research details

After Apple's warning in April, CloudSEK researchers began delving into the deep and dark web, as well as the surface web, to see whether genuine Pegasus spyware could be purchased or whether scammers were using its name to defraud potential buyers. In a report titled “Behind the Advisory: Decoding Apple's Alert and Spyware Dilemma,” the cybersecurity firm said it frequented Internet Relay Chat (IRC) platforms. After analyzing roughly 25,000 posts on Telegram, researchers found that a large portion of the posts claimed to be selling authentic Pegasus source code.

CloudSEK research on Telegram
Photo credit: CloudSEK

These sale posts followed the same pattern, using terms such as NSO Tools and Pegasus to attract buyers. After interacting with more than 150 potential sellers of this “Pegasus” spyware, the report found that the samples offered included source code, live video demonstrations of the malware in use, and snapshots of the source code. All of this was presented under names suggesting Pegasus.

The researchers also found six unique samples called Pegasus HNVC (Hidden Virtual Network Computing) published on the deep web between May 2022 and January 2024, suggesting the proliferation of these samples among threat actors. Similar cases were also found on the surface web.

CloudSEK findings

The cybersecurity group eventually obtained 15 samples and more than 30 indicators from various sources. However, it found that “almost all have been creating their own fraudulent and ineffective tools and scripts, attempting to distribute them under the Pegasus name to leverage the Pegasus and NSO Group name for substantial financial gain.”

Groups of bad actors are believed to have exploited the hype created by Apple's advisory and the multiple news reports mentioning the Pegasus name to sell random samples of their own creation under the Pegasus label. Although these spyware programs can still be harmful to victims, they are likely not associated with NSO Group or Pegasus.

The report has urged a critical examination after a threat incident to properly attribute the threat actors, as this can help cybersecurity companies identify and recommend the right defensive measures and avoid unnecessary panic among the public.
