Scammers trick victims online by claiming to sell Pegasus spyware

By: Dmitro Koval | 25.05.2024, 09:29

Cybersecurity experts have issued a warning about fake Pegasus spyware being widely offered on the Dark Web, where hackers are using the Pegasus name for financial gain.

Here's What We Know

In response to Apple's recent warning to users in 92 countries about a "for-hire spyware" attack, CloudSEK, a US-based cybersecurity firm, conducted a comprehensive investigation. Its findings reveal widespread misuse of the name of NSO Group's Pegasus spyware and serve as a warning about fraudsters and attackers who exploit its reputation for fraudulent purposes.

After analysing approximately 25,000 messages on Telegram, CloudSEK found numerous claims of selling authentic Pegasus source code. These messages typically offered illegal services, often mentioning Pegasus and NSO tools. Interacting with over 150 potential sellers, CloudSEK obtained information about various samples and metrics shared by these actors, including alleged Pegasus source code, live demonstrations, file structures, and snapshots.

Similar abuses were also observed on surface web code-sharing platforms, where participants distributed source code falsely associated with Pegasus.

After analysing 15 samples and more than 30 indicators from various sources, CloudSEK found that almost all of the samples were fraudulent and ineffective. The attackers developed their own tools and scripts, distributing them under the Pegasus name to exploit its popularity for financial gain.
