Security News > 2020 > December > Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
![Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack](/static/build/img/news/zero-click-apple-zero-day-uncovered-in-pegasus-spy-attack-medium.jpg)
All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices.
The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: recording audio from the microphone, both ambient "hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.
KISMET. Citizen Lab's analysis of the attacks, released Sunday, found that the attackers gained a footing on the phones, from which to install Pegasus, by exploiting a zero-day in Apple's iMessage feature for iPhone.
"While reviewing his VPN logs, we noticed that on 19 July 2020, his phone visited a website that we had detected in our internet scanning as an installation server for NSO Group's Pegasus spyware, which is used in the process of infecting a target with Pegasus," according to Citizen Lab.
"Because these anomalous iCloud connections occurred, and ceased, immediately prior to Pegasus installation, we believe they represent the initial vector by which Tamer Almisshal's phone was hacked," researchers said.
News URL
https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/