Technical Analysis of Pegasus Spyware

This report is an in-depth technical look at a targeted espionage attack being actively leveraged against an undetermined number of mobile users around the world. Lookout researchers have done deep analysis on a live iOS sample of the malware, detailed in this report. Citizen Lab’s investigation links the software and infrastructure to that of NSO Group which offers a product called Pegasus solution. Pegasus is professionally developed and highly advanced in its use of zero-day vulnerabilities, code obfuscation, and encryption. It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple’s built-in messaging and email apps, and others. It steals the victim’s contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device. The iOS version of the attack uses what we refer to as Trident, an exploit of three related zero-day vulnerabilities in iOS, which Apple patched in iOS 9.3.5, available as of the publishing of this report.

Here is the link to report.