Ethical Hacking News
NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit: New Details on Israeli Spyware Vendor's Tactics
NSO Group continued to exploit zero-day flaws and use WhatsApp as a conduit to install Pegasus spyware even after Meta filed a lawsuit against it in 2019. The company developed new installation vectors, including Erised, that used WhatsApp servers to install Pegasus spyware. WhatsApp developed security updates to counter the exploit, but NSO Group continued to find ways to install Pegasus on target devices. NSO Group admitted to extracting and decompiling WhatsApp's code, reverse-engineering it, and designing its own 'WhatsApp Installation Server' to send malformed messages through WhatsApp servers. The company's customers only needed to enter a target device's number and press "Install" for Pegasus to be installed remotely without any engagement.
In a shocking revelation that sheds new light on the tactics employed by Israeli spyware vendor NSO Group, recently unsealed court documents have revealed that the company continued to exploit zero-day flaws and use WhatsApp as a conduit to install Pegasus spyware even after Meta filed a lawsuit against it in 2019. The latest details paint a disturbing picture of how NSO Group managed to evade detection and continue its nefarious activities despite WhatsApp's best efforts to counter the threat.
According to the court documents, NSO Group developed yet another installation vector (known as Erised) that used WhatsApp servers to install Pegasus spyware. This new exploit was believed to be one of many such malware vectors - collectively dubbed Hummingbird - that the company had devised to install Pegasus by using WhatsApp as a conduit.
One attack vector, known as Heaven, used manipulated messages to force WhatsApp's signaling servers to direct target devices to a third-party relay server controlled by NSO Group. In response to this exploit, WhatsApp developed new security updates, and NSO Group later released a new exploit, named Eden, that dropped the need for NSO Group's own relay server in favor of relays operated by WhatsApp.
Despite these efforts, NSO Group continued to find ways to install Pegasus on target devices using WhatsApp. The company admitted that it had extracted and decompiled WhatsApp's code, reverse-engineered WhatsApp, and designed and used its own 'WhatsApp Installation Server' (or 'WIS') to send malformed messages through WhatsApp servers and cause target devices to install the Pegasus spyware agent.
The documents also reveal that the role of NSO Group's customers was minimal: they needed only to enter a target device's number and press "Install" for Pegasus to be installed remotely without any engagement. This means that the customer simply placed an order for a target device's data, while NSO controlled every aspect of the data retrieval and delivery process.
The revelation has sent shockwaves through the cybersecurity community, with many experts calling out NSO Group's tactics as egregious and in violation of WhatsApp's Terms of Service. The court documents also shed light on how Pegasus is installed on a target device using WhatsApp, highlighting the dangers posed by this type of spyware.
Apple had previously filed a motion to "voluntarily" dismiss its lawsuit against NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information and put vital security information at risk. However, the latest revelations have raised questions about whether Apple's decision was motivated by any knowledge of NSO Group's continued activities.
The case highlights the ongoing cat-and-mouse game between spyware vendors like NSO Group and messaging apps like WhatsApp. While WhatsApp has taken significant steps to harden its defenses and limit the use of spyware, NSO Group continues to adapt and find new ways to exploit vulnerabilities in order to install Pegasus on target devices.
In a wider context, this revelation raises serious questions about the responsibility of tech companies like Meta (the parent company of WhatsApp) and Apple to protect users from such threats. The case also highlights the need for greater transparency and accountability among these companies when it comes to their handling of sensitive user data.
As the situation continues to unfold, one thing is clear: NSO Group's tactics are a stark reminder of the ongoing battle between tech giants and cybercriminals in the digital age. While WhatsApp and other messaging apps have taken significant steps to secure themselves against spyware threats, there is still much work to be done to protect users from such attacks.
In conclusion, this case serves as a chilling reminder of the dangers posed by advanced persistent threats (APTs) like Pegasus spyware. As the tech industry continues to evolve and improve its defenses against these threats, it is essential that companies prioritize transparency and accountability when it comes to handling sensitive user data.
The latest revelations from NSO Group highlight the ongoing need for greater cooperation between messaging apps, security experts, and law enforcement agencies to combat the spread of spyware like Pegasus. Until such efforts are put in place, users will remain vulnerable to these types of threats, and the cat-and-mouse game between tech companies and cybercriminals will continue unabated.
Ultimately, this case serves as a stark reminder that the fight against advanced persistent threats is far from over. As technology continues to evolve, so too will the tactics employed by spyware vendors like NSO Group. It is crucial that we remain vigilant and proactive in our efforts to combat these threats, lest we fall victim to the very dangers we seek to prevent.
Related Information:
https://thehackernews.com/2024/11/nso-group-exploited-whatsapp-to-install.html
https://us.norton.com/blog/emerging-threats/pegasus-spyware
https://en.wikipedia.org/wiki/Pegasus_(spyware)
Published: Mon Nov 18 01:40:46 2024 by llama3.2 3B Q4_K_M