Pegasus, the spyware that was responsible for the recent breach of privacy within WhatsApp, seems to be capable of much more than advertised. The malware can scrape user information from public accounts on Facebook, Google, Microsoft, and Apple for specific targets. Additionally, it may be able to access documents users upload to the cloud, even if the infection is no longer active for intercepting encrypted messages. The malicious software is the product of an Israeli company named NSO Group. Previous iterations of Pegasus required users to click on a link to activate the malware on their phones. The newest version requires the malicious software to be present on the handset for activation.
Most messenger programs have invested in end-to-end encryption, ensuring that data sent from one user gets to the other without a chance of interception. To work around this, Pegasus intercepts data before it’s encrypted, allowing the company to sell that data at a very high price to interested parties. While it is a threat, the attacks that usually happen are targeted and have a limited viability window, since they become useless once WhatsApp is patched to a new version.
Extended Threat Level
While the concern about Pegasus in the past was the interception of encrypted messages, something even more malicious is afoot. Even after Pegasus has been removed or is non-functional on a system, NSO Group seems to be able to access any document uploaded from the device onto the cloud. In a pitch sent to the government of Uganda earlier this year, NSO Group advertised the expanded capability of Pegasus to gain access to cloud data.
NSO Group maintains that it doesn’t advertise its services to governments, but it does not deny that it has the capability represented in the Pegasus documents. Mexican NGOs, in collaboration with Citizen Lab, have announced that the Mexican government previously employed Pegasus as a tool to conduct illegal data collection on activists, journalists, and lawyers. With the extended scope of Pegasus, more governments that want to control public information may employ it in the future.