Apple’s Mercenary spyware alert
April 12, 2024

Why in news?

Apple recently sent out warnings to iPhone users in India and 91 other countries. The company informed users that their iPhones might be targeted by a type of spyware called mercenary spyware, including one called Pegasus.

In October 2023, Apple sent similar warnings to politicians from different parties in India, suggesting a possible state-sponsored spyware attack on their iPhones. However, Apple later said it could not pinpoint any specific attacker.

What’s in today’s article?

  • Spyware and malware
  • Mercenary spyware attack
  • Pegasus

Spyware and malware

  • Spyware and malware are types of harmful software designed to infiltrate and damage computers or devices.
  • Spyware
    • Spyware specifically focuses on spying on a user's activities, such as browsing habits, keystrokes, or personal information, without their consent.
    • It often aims to gather data for advertising purposes or identity theft.
  • Malware
    • Malware, short for malicious software, encompasses a broader range of harmful programs that can include viruses, worms, ransomware, and more.
    • Malware typically aims to disrupt, damage, or gain unauthorized access to a computer system or network.

Mercenary spyware attacks

  • About
    • Mercenary spyware attacks are highly complex operations, carried out with exceptional resources against specific individuals, and go far beyond regular cybercriminal activity and consumer malware.
    • They are difficult to detect and prevent because of the substantial investment behind them and their short lifespan. They have targeted a small number of users, but most people are probably not affected.
    • These attacks represent some of the most sophisticated digital threats globally, which is why Apple does not attribute them to specific attackers or regions.
  • Aim
    • Mercenary spyware is designed to remotely infiltrate and compromise smartphones and other devices without the knowledge or consent of the users.
    • These surveillance tools could be used to monitor movements and communications, steal private data, etc.
    • In some cases, governments, intelligence agencies, and law enforcement bodies have reportedly bought mercenary spyware, and political opponents and activists are often the ones targeted.
  • Examples
    • Companies producing mercenary spyware include the NSO Group, FinFisher, and Hacking Team.
      • NSO Group's flagship spyware Pegasus helps infiltrate devices remotely and access calls, emails, messages, and other files.
      • FinFisher's products, such as FinSpy, can capture keystrokes and access data, and can also activate microphones and cameras without permission.
      • Hacking Team's Galileo, also known as Remote Control System (RCS), can likewise capture keystrokes and record video calls, as well as access the camera and microphone.

Pegasus Spyware

  • Pegasus is a malware/spyware developed by Israel’s NSO Group.
  • The spyware suite is designed to access any smartphone through zero-click vulnerabilities.
  • Once a phone is infiltrated, the spyware can access all the data on that phone.
  • It also has real-time access to emails, texts, phone calls, as well as the camera and sound recording capabilities of the smartphone.

Zero-click exploit

  • About
    • It refers to malicious software installed on a device without the device owner's consent.
    • More importantly, it does not require the device owner to perform any action to initiate or complete the installation.
  • Specific exploit used in the present case involving Indian journalists
    • The specific exploit allegedly in use on the two devices is called BLASTPAST (previously identified as BLASTPASS). It plays out in two phases.
    • In the first phase, the attack attempts to establish a link with Apple HomeKit, which gives users a way to control multiple smart devices, on the target's device.
      • The purpose of the first phase could be to determine how the device can be exploited or to keep it in sight for further exploitation in the future.
    • In the second phase, malicious content is sent to the target via the iMessage app.
      • This phase is the one that delivers the full spyware payload.