If you thought the WhatsApp hack by NSO Group early this year was worse, the Israeli company has now improved their spyware to do even more prying. In May, WhatsApp had a critical vulnerability that let attackers install Pegasus through a call that exposed civil rights activists and dissidents to hacking attempts. WhatsApp later issued a patch to close this loophole.
The spyware recently got upgraded to do even more spying. According to the Financial Times, Pegasus can now pry for users data if they use Microsoft, Amazon, Apple, Facebook and Google. The spyware now captures the full history of a user’s location data, photos and messages.
Once installed, Pegasus lifts off login credentials of the iCloud, Google Drive, Facebook’s Messenger. The spyware now gets access to all your data and frighteningly enough, no 2 step authentication is prompted to targetted users as the spyware steals the authentication tokens. The phone plus its location are mimicked under a separate server that then syncs all the data which it sends to surveillance operators.
If this is true, it’s a pretty good way of gaining access to the user’s cloud service — sure. Tokens are only set when an authentication has been completed by the user. Steal them and you’ve basically pwned the victim’s entire account. It’s also difficult to detect misuse. (4/)
— Zack Whittaker (@zackwhittaker) July 19, 2019
According to the Financial Times, no one knows who has been targetted by this updated spyware. However, it has been reported that Q-Cyber, NSO Group’s parent company tried to sell it to Uganda’s government.
NSO says that they sell the software to governments who it hopes will use it for good such as fighting crime and counter terrorist attacks. Worryingly, the same software has been found to be snoop on civil rights activists and journalists mainly in authoritarian states.
Worth noting, the company didn’t deny that they updated their spyware. Some of the tech giants are said to be investigating if their services have been compromised.
In a statement to The Next Web, Google said that they found no evidence of malpractice to users accounts or their systems.
This recent revelation now calls for the faster adoption of more secure methods especially FIDO2 certified ones such as passwordless logins to authenticate your online accounts especially since we’ve now moved to storing our personal information on the cloud.
Users online now want attention diverted from the FaceApp privacy concerns to focus on this recent and pretty huge revelation.
- Uninstall!! Chrome and Firefox Extensions Immediately as They’re Collecting and Selling Your Data
- Hacker Who Crashed Sony Gaming And Other Firms Servers Via DDoS Sentenced To Jailed
- There’a Dangerous Firefox Zero-Day In The Wild, Update Your Browser Now To Save Yourself From Hackers!
- 15 Legit Data Entry Jobs From Home, Totally Free 
- Indiana County Pays Cybercriminals $130,000 To Free Its Systems From Ryuk Ransomware
- Huawei’s HongMengOS Is More Than Just an Android Replacement, Slated for Use by IoT Devices and Self-Driving Cars
- Twitter Was Down For An Hour And Users Flocked To Facebook To Complain
- London Cop Who Illegally Accessed Police Database To Monitor Criminal Investigation Into Himself Is Now A Convicted Criminal
- WhatsApp is Down – Users Can’t Upload, View Status or Media Files Sent
Thank you for reading this blog and welcome back again! We are happy to see you here. Did you like this post? Kindly share the post using the buttons below. Drop your comments below in the comment box.