Pegasus-style spyware found on thousands of smartphones
Cybersecurity researchers have found spyware, similar to the notorious ‘Pegasus’ malware peddled by Israeli company NSO Group, on thousands of South Korean smartphones. The software is disguised as innocent yoga and photo apps.
Used by governments worldwide to spy on rival politicians, foreign powers, journalists, lawyers, and business figures, NSO Group’s Pegasus malware has gotten significant media attention since its existence was revealed earlier this year by activists. While the Israeli firm has found itself maligned by the press and blacklisted by Washington, similar snooping software is reportedly still active and going unnoticed, as highlighted in a report published on Wednesday by cybersecurity company Zimperium.
The article examines the PhoneSpy software, which is aimed at South Korean Android users. According to Zimperium, “PhoneSpy hides in plain sight, disguising itself as a regular application with purposes ranging from learning Yoga to watching TV and videos, or browsing photos.” These apps aren’t found on the Android app store, meaning users had to download them directly, likely by clicking malicious links or through “social engineering.”
Once installed, PhoneSpy gives snoops access to virtually every function of the target’s smartphone. Cameras and microphones can be remotely activated, call logs and messages retrieved, GPS coordinates tracked, and web traffic monitored.
Zimperium’s report did not identify who was actually using PhoneSpy to surveil targeted phones, but it said that “thousands of South Korean victims have fallen prey to the spyware campaign.” As the fake apps were all South Korean, the spying operation is believed to be limited to that country.
PhoneSpy is one of several Pegasus-like programs currently suspected of being in operation. When the US added NSO Group to its trade blacklist earlier this month, it also added Russian firm Positive Technologies and Singapore’s Computer Security Initiative Consultancy, claiming that both trafficked in “cyber tools” used to gain “unauthorized access to computer systems.”
If you like this story, share it with a friend!