Fake Pegasus Spyware Surges Following Apple’s Threat Notifications, CloudSEK Finds
A new report from CloudSEK reveals a significant surge in fake Pegasus spyware following Apple’s threat notifications. In this video, we delve into the findings of the CloudSEK report, exploring the reasons behind the increase in fake spyware and the implications for users.
Fake Pegasus Spyware Increases After Apple’s Threat Warnings, Says CloudSEK Report
Researchers found six unique samples called Pegasus HNVC (Hidden Virtual Network Computing) on the deep web between May 2022 and January 2024. This shows the spread of these samples among hackers.
After Apple warned iPhone users in 92 countries about potential threats, cybersecurity firm CloudSEK found a rise in fake Pegasus spyware on the deep and dark web.
Apple didn't name any specific hackers in its warning but mentioned Pegasus spyware from the NSO group as an example. CloudSEK thinks this might have led scammers to sell fake malware as Pegasus source code.
CloudSEK started investigating after Apple's warning in April. Researchers checked the deep, dark, and surface web to see if real Pegasus spyware was available or if scammers were using its name to trick people.
In a report titled “Behind the Advisory: Decoding Apple’s Alert and Spyware Dilemma,” CloudSEK shared its findings. Researchers reviewed about 25,000 posts on Telegram and Internet Relay Chat (IRC) platforms. Many of these posts claimed to sell real Pegasus source code.
These posts used terms like NSO Tools and Pegasus to attract buyers. CloudSEK interacted with over 150 potential sellers of this “Pegasus” spyware. They found samples that supposedly showed source code, live video demos of the malware, and snapshots of the source code, all named Pegasus.
Additionally, researchers found six unique samples called Pegasus HNVC (Hidden Virtual Network Computing) on the deep web between May 2022 and January 2024, showing the spread of these samples among hackers. Similar cases were found on the surface web.
CloudSEK obtained 15 samples and over 30 indicators from various sources. However, it found that “almost all of them are fake, ineffective tools and scripts, trying to profit by using the Pegasus and NSO Group names for significant financial gain.”
It's suspected that malicious groups took advantage of the attention from Apple’s advisory and news reports about Pegasus to sell random samples labeled as Pegasus. Although these spyware samples can still be dangerous and harm victims, they are likely not connected to the NSO Group or the real Pegasus.
The report highlights the need to carefully examine threat sources after an attack to help cybersecurity firms with identification and to provide reinforcement suggestions, while also preventing public panic.
What's Your Reaction?
