Apple Issues Fix for Spyware That Infects Devices Without Users Clicking on Malicious Messages or Link

By
Zhi Hao
-

For what it’s worth, spyware still requires you to click on a malicious message or link in order to be activated.

So in a sense, it’s not undefeatable.

But what if I tell you that there’s spyware that can actually infect your device, without the need for you to click on anything?

And no I’m not jesting; there’s really such a thing.

Infects Devices Without Users Clicking on Malicious Messages or Link

Thankfully, however, a fix has since been issued, though only time will tell whether the spyware in question will be ruled out indefinitely.

Lest you’re unaware, the Pegasus software from Israeli firm NSO Group has always attracted attention for its intriguing quirk:

Apparently, it can exploit and infect devices, in a remote manner. 

“Many apps will automatically create a preview or cache of links in order to improve the user experience,” said the senior manager of cyber security firm Lookout.

“Pegasus takes advantage of this functionality to silently infect the device.”

But it was not until recently that the issue truly got blown out of proportion.

In July, an international media investigation reported that certain governments have utilised spyware to eavesdrop on activists, journalists and politicians.

It doesn’t help that earlier in March, a Saudi activist’s phone had been found with the code.

“We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware,” cybersecurity watchdog organisation Citizen Lab wrote in a post.

Apparently, a message will be sent via iMessage, and the spyware would activate automatically.

This certainly complicates things considering how NSO claims that its software is only used to counter terrorism and other crimes.

If applied with ill intentions, Pegasus is capable of turning on a phone’s microphone or camera and extracting its data.

A Fix

On 13 September 2021, Apple officially released a fix for the malware.

Mere hours after the release, the tech giant revealed that it had “rapidly” cultivated the update after the recent discovery.

“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” the company said.

Despite the fix, however, the incident has alerted relevant authorities to the prowess of such malware.

As such, UN experts have asked for a temporary cease on the sale of surveillance technology. Or at least, until the appropriate regulations have been put in place to safeguard human rights.

It should also be noted that NSO currently exports to 45 countries.

WhatsApp

This isn’t the first time that Pegasus had attracted such infamy.

Previously, messaging platform WhatsApp had warned its users against the same malware.

Apparently, the Israel-based NSO Group’s “Pegasus” can be installed in a user’s phone through a simple WhatsApp voice call. Thereafter, it’s able to take control of a phone camera and microphone, as well as track movement and record calls.

The incident prompted a petition to stop NSO Group from exporting its products.

The NSO software was tracked to 45 countries, of which “at least six countries with significant Pegasus operations have previously been linked to abusive use of spyware to target civil society.

“They include Bahrain, Kazakhstan, Mexico, Morocco, Saudi Arabia, and the United Arab Emirates.”

It should be noted that since then, Pegasus has grown even more in terms of effectiveness and strength.

Read Also: 

Featured Image: usfaridus/shutterstock.com 

Watch this for a complete summary of what REALLY happened to Qoo10, and why it's like a K-drama:

Read Also:

Advertisements
 
Zhi Hao
Email: [email protected]