Antispyware Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/antispyware/

Pegasus Spyware — The Most Dangerous Malware
https://gridinsoft.com/blogs/pegasus-spyware/
Thu, 22 Sep 2022 11:58:55 +0000

Pegasus Spyware is a malicious program wrapped in multiple layers of secrets, rumours and false claims. This military-grade malware has become something of a legend, to the point that people sometimes think it is mythical rather than real. Still, the real Pegasus surfaces from time to time, as if to remind everyone that it is still the most capable spying software that has ever existed.

What is Pegasus Spyware?

Pegasus is spying software developed by NSO Group around 2011. No precise dates are available, and the community can only estimate its release date from its first appearance. It likely saw its first use in 2012, when it was supplied to the Panama government. The secrecy is explained simply: NSO is a subordinate company of the Israeli government. The primary purpose of this software was to spy on anti-Israeli activists, war criminals, and persons suspected of spying for other countries. One may call it an example of a cyberweapon, and a very modern and effective one.

[Image: Pegasus spyware control panel]

Its functionality is very broad, since by design it should be able to hand over all possible information about the victim to whoever controls it. Originally it was aimed at iOS devices, and only a few Android attack cases were spotted. There is another piece of malware developed by NSO Group, Chrysaor spyware, which is apparently a Pegasus variant with adjustments for more efficient attacks on Android devices.

How is Pegasus Spyware Spread?

As Pegasus is a very precise tool sold for a very high price, it is not spread massively; there are only targeted strikes at designated persons. Most Google queries like “pegasus spyware download” will lead you to sites that offer a counterfeit for a large sum, or simply spyware that will infect your device. NSO Group usually signs a contract with its counterparty (the government of another country) that states the key points about how the program may be used. In particular, the developers reserve the right to decide which set of functions will be available to a given country. There is also a contract clause that the government must use Pegasus only for counter-terrorism and national security needs.

On the devices of users who have somehow become a threat to national security, Pegasus generally arrives through social engineering. Still, the approaches differ from classic Facebook spam and the like. As those persons usually suspect that someone may try to attack them that way, they will not recklessly click whatever they see. That is a useful habit for everyone, but not everyone is at risk of Pegasus or spyware of comparable danger.

How does Pegasus work?

The typical ways this spyware is injected are the following:

Phishing links sent via a popular messenger or by email. Usually these are WhatsApp, iMessage or Facebook, which are popular among other cybercriminals as well. But in this case the message gets a far more convincing disguise, thanks to the “extended” abilities of governmental organisations. They can easily find out when the subject of surveillance is expecting a delivery, or an invoice from an insurance company.

Zero-click vulnerability exploitation. This rare type of exploit is even harder to imagine in iOS, which stands out for its security features. However, this flaw in iMessage affects all versions up to 14.7, after which Apple claimed to have fixed it. To be trapped, the victim did not even have to open the app or read the message: once received, it was already able to install Pegasus. According to researchers, this bug may have been present in the operating system since iOS 7, which was released in 2013.

[Image: These SMS were used to deliver Pegasus]

Photos app exploitation. Apple implemented its own way for iPhones, iPads, Macs and the rest of its product lineup to process images. However, as was uncovered, this method made it possible to exploit Tagged Image File Format (TIFF) files for remote code execution. The flaw was assigned CVE-2016-4631. Crooks sent a photo to the victim, and once they tried to open it, the code was executed and Pegasus was delivered.

Apple Music MitM attacks. The Apple Music application, a cross-platform mobile music library present on both iOS and Android, had a security flaw in its version for iOS 11. It lacked diligent validation of certain SSL certificates presented by the server. The certificate is what confirms that the server the app has connected to is genuine, and that no one can eavesdrop on the traffic. The uncovered flaw made it possible to spoof the certificate and connect the device to a hacker’s server, giving them the ability to interact with the system without any restrictions or security alarms. That flaw was assigned CVE-2017-2387.
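The class of flaw just described, a client that does not verify the server certificate, is shown below as TLS client settings with a small audit routine and a certificate-pinning check. This is an added illustration in Python, not Apple Music code (which is not public); the context names, the `audit_context` and `verify_pin` helpers and the stand-in DER bytes are all assumed for the example.

```python
import hashlib
import ssl


def weak_client_context():
    """Hypothetical client that skips certificate checks, the mistake
    described for the iOS 11 Apple Music app: any certificate, even a
    self-signed one from an attacker's server, is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # certificate chain is never validated
    return ctx


def hardened_client_context():
    """Validates the chain against the system trust store and checks that
    the certificate's name matches the host we dialled."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    return ctx


def audit_context(ctx):
    """Return the findings a reviewer would flag for a client context.
    An empty list means the context verifies the server properly."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not required/verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    return findings


def pin_of(cert_der):
    """SHA-256 of the DER-encoded certificate, the usual pin format."""
    return hashlib.sha256(cert_der).hexdigest()


def verify_pin(cert_der, expected_pin):
    """Extra defence on top of chain validation: refuse the connection
    unless the presented certificate matches the pin shipped in the app."""
    return pin_of(cert_der) == expected_pin


if __name__ == "__main__":
    # Constructed stand-in for a server certificate (not a real DER blob).
    fake_cert = b"constructed-der-bytes-for-demo"
    print("weak:", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
    print("pin ok:", verify_pin(fake_cert, pin_of(fake_cert)))
```

In a real client the hardened context is passed to `ssl.SSLContext.wrap_socket` or the HTTP library's `ssl_context` parameter, and `verify_pin` runs on the peer certificate obtained with `getpeercert(binary_form=True)`.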

Pegasus Spyware technical details

The sophisticated delivery methods mentioned above already make this malware quite unique. But what is under its hood is even more remarkable, and shows just how well malware can be built. Contrary to most of the malware you can see for sale on the Darknet, it is designed to be far more autonomous, so even a target who expects to be spied on will likely miss its presence. It also makes use of deep integration with the attacked system by getting information directly from the hardware, which helps Pegasus circumvent OS restrictions and spoofing techniques.

[Image: Indicators of Compromise for Pegasus Spyware]

Pegasus is capable of reading SMS and emails, recording cellular and VoIP calls, and enabling the mic and camera to record the environment around the phone. It also has full access to the device storage: this malware can harvest photos and videos present on the device, as well as the calendar and contact book. Thus it is theoretically capable of deleting certain data from the phone, although that works against stealthiness. This malware can also grab the current phone location: regardless of any software location spoofers present, it gets the data directly from the GPS chip.

Aside from the “deep” data, Pegasus is also able to dig into applications to get information. Popular apps like WhatsApp, Viber and Facebook Messenger can easily be accessed, resulting in stolen conversations and even more leaked contacts. Researchers report over 50,000 contacts that Pegasus has successfully stolen from attacked devices. As this spyware always runs with root privileges, it can even recover data that was deleted some time ago, provided the storage technology makes that possible.

The infamous spyware can also self-destruct under different circumstances. If it cannot connect to the command server for more than 2 months (60 days), it automatically destroys itself together with the packages of gathered data. Alternatively, it can be removed from the device after the corresponding command from the server. It also provides some alternative ways of installation, including installation with physical access to the device.

Pegasus and the international community

According to reports from different sources, thousands of people from all over the world have been attacked with Pegasus Spyware. Some were breached through WhatsApp, some got a malicious iMessage SMS. The only thing that unites them, aside from the payload, is the fact that they had no way to prevent it. Most of the injections were done through zero-day vulnerabilities that the developers uncovered only later. Considering that spying is hardly a moral act, this raises a lot of awkward questions.

First of all, do governments have the right to spy on whoever they want? When buying Pegasus, governments promise to use the tool only against persons who pose a threat to national security. However, the borders of this category are blurred. Some Muslim countries have proven that by spying on human rights activists, in particular women who promoted women’s rights in Middle East countries.

Second, is there a way to prevent it? Obviously, this question came up almost immediately after Pegasus was identified. An infamous Anti-Pegasus tool, anti-spyware software designed only to detect and wipe out Pegasus, became not just the subject of constant speculation but also a disguise for other malware. Even then, it does not guarantee that the malware will be removed, since this spyware is extremely secretive.

On the other hand, installing the latest security updates and using the most modern smartphones will likely not help at all. Hackers who deploy this malware use the most unexpected ways, which are not countered by software patches or similar measures. To be honest, there is no way to prevent zero-day exploitation on mobile phones, simply because there are no solutions capable of doing that without seriously harming the phone’s performance. Apple implemented a Lockdown mode in iOS 16, which imposes harsh restrictions on the device’s functionality for maximum security. Will this trade-off be effective? Only time will tell.

Top Working Antispyware Tips 2022
https://gridinsoft.com/blogs/top-antispyware-tips/
Wed, 21 Sep 2022 19:18:41 +0000

Every user risks being compromised by using the Internet. Intruders keep trying to hijack your confidential data and credit card numbers, distribute spyware, and the like. With each passing day, their methods of penetrating your OS become more sophisticated, which is something to watch out for. Spyware is one of the ways hackers can get everything they need. To help you avoid this, we have prepared an Antispyware guide that will help you protect your device from unwanted threats.

What Is Spyware?

Spyware is a type of malware that aims to infect your mobile device or computer and gather information about you and your online activity. Such information includes your personal details, your card payment information, insurance numbers, and the like. Spyware gets in without the user’s knowledge, attaches itself to the operating system, records keystrokes, and starts performing unauthorized actions.

Top 6 Antispyware Tips to avoid a spyware attack

These tips are only valid if you adhere to them. They are based on what attackers do most often in other cyber attacks, so whether or not to use them for your safety is up to you. For an example of what you are up against: Pegasus Spyware is malware that is covered in many secrets, rumors, and false claims.


1. Disable the USB autorun feature

The auto-start feature is enabled on your device by default: if you connect a USB drive to your computer, a pop-up window appears offering to view its folders or files. Unfortunately, with this feature, malware such as worms, trojans, and spyware can infiltrate the user’s device under the guise of some document.


2. Be wary of freeware

Freeware is all over the Internet, at almost every step. Most of it is useful, but that does not mean some of it cannot be filled with malware. Even the most harmless-looking freeware can be infected with spyware. Therefore it is best to check whatever you are trying to download or install on your device.

3. Beware of popup ads

Pop-up windows and banners, like flies, are annoying and get in your face. At first glance they are harmless and carry no meaning. But the attachments, links, and sites the user reaches by clicking on them can be malicious. Your task is to disable this feature altogether. You can do this by right-clicking on the top edge of the window and selecting “Close”. If “Close” or “Cancel” buttons are displayed inside these pop-up windows, ignore them; this may be a lure.


4. Never download attachments in emails from unknown or unsolicited senders

Be careful with letters from unknown sources. Such letters are aimed at gaining your trust. The attachments and links in these emails are often used to extract confidential information or to install a malicious application or program on your PC. If you doubt the legitimacy of a letter that claims to come from an official bank or shop, contact an authorized person at that organisation and confirm what was sent to you by email. Your precautions will help you avoid unnecessary trouble. Also, check the URL before following a link, and best of all, enter it manually in your internet browser.

5. Keep OS and other software up-to-date

Outdated software or an outdated OS can be the door for hackers. Updates are released as hackers develop new ways to access a PC through security holes. Therefore, ignoring new updates is not worth the risk to your safety. In addition, outdated software can have a huge number of vulnerabilities, thanks to which a hacker can plant their spyware.

6. Use a multilayered antivirus solution

Over the years, attackers have learned to make their malware more invisible and resistant to various antispyware programs. Therefore robust and reliable antispyware is the best you can do against malware of different types. Antispyware is what you need. First, it can remove spyware from your device. In addition, it will remove all other trojans, rootkits, and viruses, even if you were unaware of their presence on your device. Its scanning will monitor your network activity and prevent malware from penetrating your device. This way, thanks to GridinSoft Anti-Malware, you can keep your privacy and security.
