Security News > 2020 > December > Zero-Click Apple Zero-Day Uncovered in Pegasus Spy Attack
All of the operators used the NSO Group's infamous Pegasus spyware as their final payload. Pegasus is a mobile phone-surveillance solution that enables customers to remotely exploit and monitor devices.
The latest version of the Pegasus implant has a number of capabilities, according to Citizen Lab, including: Recording audio from the microphone including both ambient "Hot mic" recording and audio of encrypted phone calls; taking pictures; tracking device location; and accessing passwords and stored credentials.
KISMET. Citizen Lab's analysis of the attacks, released Sunday, found that the attackers found a footing on the phones from which to install Pegasus by exploiting a zero-day in Apple's iMessage feature for iPhone.
"While reviewing his VPN logs, we noticed that on 19 July 2020, his phone visited a website that we had detected in our internet scanning as an installation server for NSO Group's Pegasus spyware, which is used in the process of infecting a target with Pegasus," according to Citizen Lab.
"Because these anomalous iCloud connections occurred-and ceased-immediately prior to Pegasus installationwe believe they represent the initial vector by which Tamer Almisshal's phone was hacked," researchers said.
News URL
https://threatpost.com/zero-click-apple-zero-day-pegasus-spy-attack/162515/
Related news
- Rackspace monitoring data stolen in ScienceLogic zero-day attack (source)
- Qualcomm patches high-severity zero-day exploited in attacks (source)
- Ivanti warns of three more CSA zero-days exploited in attacks (source)
- Mozilla fixes Firefox zero-day actively exploited in attacks (source)
- Firefox Zero-Day Under Attack: Update Your Browser Immediately (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
- Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
- Google fixes two Android zero-days used in targeted attacks (source)