God mode for $1.5 million: fake copies of Pegasus flood Telegram

Tomcat

Scammers capitalize on Apple's decision, which led to massive iPhone infections.

The information security company CloudSEK warns about scammers who sell fake software advertised as Pegasus from NSO Group.

The fake program was discovered after analyzing about 25,000 messages from people offering Pegasus and other NSO Group tools on Telegram. The specialists then interacted with more than 150 potential sellers, who provided access to 15 samples and more than 30 Indicators of Compromise (IoC).

The indicators of compromise included the source code of the purported Pegasus samples, real-time sample demos, and file structures. Almost all of the samples were fraudulent and ineffective, but some sold for hundreds of thousands of dollars. One of the sellers offered permanent access to Pegasus for $1.5 million and claimed to have made 4 sales in 2 days.

Fake spyware has also been found on other code-sharing platforms, where CloudSEK claims the attackers distributed their own randomly generated source code.


Example of one of the files offered for download as the supposed source code

CloudSEK began investigating Pegasus sales after Apple decided in April to stop attributing spyware attacks to a specific source and instead began classifying them as "mercenary spyware attacks". The corporation's announcement coincided with notifications about remote iPhone hacking in 92 countries.

CloudSEK wasn't the only organization to act after Apple's policy change. The company's researchers found that scammers selling fake "permanent access" to Pegasus were cheering Apple's notification.

CloudSEK notes that advertising the product as belonging to NSO Group not only lets sellers of fraudulent code benefit from a well-known brand, but also helps them stay out of sight by selling specially developed spyware under the name of another company.

At the moment, NSO Group has not provided any comments on the forgeries and their impact on the company's business.

Pegasus is advanced spyware that the Israeli company NSO Group sells to governments around the world. The program is intended for use in criminal prosecutions and intelligence, but is often used against activists, politicians, and journalists.
 