Cybersecurity experts issued a warning Thursday regarding the widespread proliferation of counterfeit Pegasus spyware on the Dark Web, where hackers exploit the Pegasus brand for financial gain.
In light of Apple's recent alert to users in 92 countries regarding a 'mercenary spyware' attack, domestic cybersecurity firm CloudSEK conducted a comprehensive investigation. Its findings reveal rampant misuse of the name of Pegasus, the spyware made by Israel-based company NSO.
The study acts as a cautionary measure against scammers and malicious actors who are taking advantage of the increasing recognition of NSO Group's esteemed product, Pegasus, for fraudulent activities, the researchers emphasised.
The researchers analysed approximately 25,000 posts on Telegram, many of which purported to sell genuine Pegasus source code. "These posts adhered to a common format offering illicit services, frequently mentioning Pegasus and NSO tools," noted the team.
Through interactions with over 150 potential vendors, CloudSEK gained insights into various samples and indicators shared by these individuals. This included alleged Pegasus source code, live demonstrations, file structures, and snapshots.
"Similar misrepresentation was observed on surface web code-sharing platforms, where individuals circulated randomly generated source codes falsely linked to Pegasus," researchers stated.
Following an analysis of 15 samples and over 30 indicators sourced from human intelligence (HUMINT), deep web, and dark web channels, the team determined that nearly all samples were "fraudulent and ineffective."
The report highlighted that threat actors are fabricating their own tools and scripts, distributing them under the guise of Pegasus to exploit its infamous reputation for monetary gain.