Researchers discover a fake anti-virus tool for Pegasus by hackers impersonating Amnesty International

  • There’s a fake Amnesty International website created to offer protection against the Pegasus spyware.
  • The anti-virus tool actually installs malware on the victim’s device.
  • The website and the anti-virus tool look quite legitimate, which might fool quite a lot of people.
Hackers are impersonating Amnesty International through a fake website that promises to protect against the Pegasus spyware. This could actually mislead people, as it was Amnesty that released a report on how the NSO Group’s Pegasus spyware was used to target international journalists and activists. The fake website offers an anti-virus tool against the spyware, but it instead installs malware on the user’s device.

This malware, called ‘Sarwent’, isn’t very popular but it can be harmful, as it can activate the Remote Desktop Protocol (RDP) on the victim’s device, security researchers from Talos Intelligence said in a blog post. If Sarwent is installed, hackers can gain remote access to the device and exfiltrate any kind of data from it.

Hackers put quite a lot of effort into replicating Amnesty International’s website, but the giveaway is that the original site has a white background while the fake one has a transparent background. Talos found that the fake site has a full-page promotion of the anti-virus software called “AVPegasus”. The hackers offer a demo version of the “Amnesty Pegasus” software that users can download. The design of the anti-virus software also looks very legitimate and can easily fool one into thinking that it’s real. There’s a “Pegasus Scan” tool that purports to scan for spyware, alongside other options like system junk, malware removal, maintenance and optimisation.

Talos found that the campaign for this malware is widespread but low in volume compared to other large-scale campaigns. The countries affected include the US, the UK, Russia, India, Ukraine, Czech Republic, Romania and Colombia, but there haven’t been any malicious advertisements or phishing campaigns to promote the malware. The security firm is also not certain whether this is just the work of a financially motivated hacker or something bigger, with a government possibly involved.
