Security News > 2021 > October > Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware
In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.
"Adversaries have set up a phony website that looks like Amnesty International's - a human rights-focused non-governmental organization - and points to a promised antivirus tool to protect against the NSO Group's Pegasus tool," Cisco Talos researchers said.
While it's unclear as to how the victims are lured into visiting the fake Amnesty International website, the cybersecurity firm surmised the attacks could be aimed at users who may be specifically searching for protection against this threat.
Besides making use of social engineering tricks by designing a rogue website with an identical look and feel of Amnesty International's legitimate portal, the modus operandi aims to trick the visitor into downloading an "Amnesty Anti Pegasus Software" under the guise of an antivirus tool that features capabilities to enable the bad actor find way a remote way into the compromised machine and exfiltrate sensitive information, such as login credentials.
Talos attributed the infections with high confidence to a Russian-speaking actor locating in the country and known for mounting attacks involving the Sarwent backdoor since at least January 2021 sprawling across a variety of victims, noting the level of modifications made to the supposed antivirus as likely evidence that "The operator has access to the source code of the Sarwent malware."
"The campaign targets people who might be concerned that they are targeted by the Pegasus spyware," the researchers said.