Pegasus spyware which is often used against journalists and opposition has been found in 45 countries, possibly including the UK.
Cyber security researchers have found evidence that a piece of malware dubiously referred to as ‘lawful intercept’ software has been deployed against victims in 45 countries.
The malware, known as Pegasus, was created by Israeli cyber-security firm NSO and has been around for at least three years, when it was first detailed in a report over the summer of 2016.
Researchers scanned the internet between 2016 and 2018, looking for servers associated with the Pegasus.
“The number of Pegasus servers we detected in our scans ballooned from about 200 in 2016 to almost 600 in 2018. This may be an indication that NSO Group is scaling up their operations,” Bill Marczak, senior research fellow at The Citizens Lab and one of the researchers on the team, told the security news website Threatpost here.
Pegasus is modular malware. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target’s life.
The company that created the spyware, NSO Group, state that they provide “authorized governments with technology that helps them combat terror and crime”.
The researchers found suspected NSO Pegasus infections associated with 33 of the 36 Pegasus operators.
“We identified in 45 countries: Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, the United States, Uzbekistan, Yemen, and Zambia. As our findings are based on country-level geolocation of DNS servers, factors such as VPNs and satellite Internet teleport locations can introduce inaccuracies.”
The data published by Citizen Lab reveals the existence of 36 different groups who deployed the Pegasus spyware against targets located in 45 countries, the surprising part is that this list includes the US, France, Canada, Switzerland, and the UK, countries known to have democratic governments in place.
Citizen Lab says ten of these 36 groups appear to be conducting surveillance in multiple countries and have not limited their spying inside their own country’s borders, an act that may violate surveillance laws active in the states where Pegasus victims may be located.