Pegasus spyware cannot be avoided completely. However, according to Kaspersky, we can make things harder for the spyware made by NSO.
The Pegasus spyware, based on existing reports, targets journalists, politicians, human rights advocates, lawyers, activists, and others. Therefore, Costin Raiu, Head of Kaspersky's Global Research and Analysis Team (GReAT), compiled a number of recommendations for defending against this spyware.
Pegasus, Chrysaor, Phantom, and others are so-called 'legal surveillance software', developed by private companies and widely deployed through various exploits, including several iOS zero-click zero-days.
The earliest version of Pegasus was captured by researchers in 2016. Since then, more than 30,000 human rights activists, journalists and lawyers around the world may have been the target of Pegasus attacks.
Here are some suggestions that improve your device's defense against sophisticated mobile malware attacks:
First of all, it is important to reboot the mobile device every day. Rebooting helps to 'clean' the device, which means that attackers will have to constantly reinstall Pegasus on it, so it's highly likely that the infection will eventually be detected by security solutions.
Keep mobile devices up to date and install the latest patches as soon as they come out. In fact, many exploit kits target vulnerabilities that have already been patched, but they remain dangerous for those who run older phones and delay updates.
Never click on a link received in a message. This is a simple but effective suggestion. Some Pegasus customers rely more on 1-click exploits than on zero-click ones. These arrive in the form of a message, sometimes via SMS, but it can also be via other messengers or even email. If you receive an interesting SMS (or a message via another messenger) with a link, open it on a desktop computer, preferably using the Tor Browser, or better yet a secure non-persistent OS like Tails.
Also, don't forget to use an alternative web browser for web searches. Certain exploits don't work well in alternative browsers like Firefox Focus when compared to more traditional browsers like Safari or Google Chrome.
Always use a VPN; doing so makes it harder for attackers to target users based on their internet traffic. When you're about to subscribe to a VPN, there are a few things to consider: look for a reliable service that has been around for a while, accepts payments with cryptocurrencies and doesn't require you to provide any registration info.
Install a security app that can check and warn if the device is jailbroken. In order to survive on the device, attackers using Pegasus will often resort to jailbreaking the targeted device. If users have a security solution installed, they will get a warning about the attack.
If you're an iOS user, periodically trigger sysdiags and save them to an external backup. Forensic artifacts can help alert you if you have been targeted. Kaspersky experts also recommend that at-risk iOS users disable FaceTime and iMessage. Because they are enabled by default, they have been a dangerous delivery mechanism for zero-click chains for years.
"In general, Pegasus attacks are highly targeted—meaning they don't infect people en masse but rather specific categories. Many journalists, lawyers and human rights activists have been identified as targets for these sophisticated cyberattacks, but they generally lack the tools or knowledge to fortify defense," explained Raiu, in a statement received by us, Monday (7/2/2022).
"Our mission is to make the world safer, therefore Kaspersky will do its best to provide the best protection techniques against malware, hackers and advanced threats like this," he concluded.