Security News > 2020 > December > Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
![Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack](/static/build/img/news/zero-click-apple-zero-day-uncovered-in-pegasus-spy-attack-medium.jpg)
All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices.
The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: Recording audio from the microphone including both ambient "Hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.
KISMET. Citizen Lab's analysis of the attacks, released Sunday, found that the attackers found a footing on the phones from which to install Pegasus by exploiting a zero-day in Apple's iMessage feature for iPhone.
"While reviewing his VPN logs, we noticed that on 19 July 2020, his phone visited a website that we had detected in our internet scanning as an installation server for NSO Group's Pegasus spyware, which is used in the process of infecting a target with Pegasus," according to Citizen Lab.
"Because these anomalous iCloud connections occurred-and ceased-immediately prior to Pegasus installationwe believe they represent the initial vector by which Tamer Almisshal's phone was hacked," researchers said.
News URL
https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/
Related news
- Black Basta ransomware gang linked to Windows zero-day attacks (source)
- New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities (source)
- 'Almost every Apple device' vulnerable to CocoaPods supply chain attack (source)
- Millions of Apple Applications Were Vulnerable to CocoaPods Supply Chain Attack (source)
- Windows MSHTML zero-day used in malware attacks for over a year (source)
- Japanese space agency spotted zero-day attacks while cleaning up raid on M365 (source)
- Apple Is Alerting iPhone Users of Spyware Attacks (source)
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks (source)