WhatsApp Pegasus hack: what is it, how is it used, hack list, and more details

WhatsApp hasn't mentioned who was behind the cyberattack and illegal snooping.

Highlights
  • Pegasus is a spyware tool made by Israel-based NSO Group and goes by with other names like Q Suite and Trident.
  • The spyware was allegedly used to spy on journalists, activists, lawyers, and senior government officials in 20 countries across the globe, including India.
  • A missed call on WhatsApp allowed Pegasus to gain access to the target device.

Pegasus spyware was reportedly used to spy on a few high-profile Indian users, according to a new report. Back in 2019. WhatsApp first brought the matter to light when it sued Israeli spyware market NSO Group for its Pegasus spyware that was allegedly used to spy on journalists, activists, lawyers, and senior government officials in 20 countries across the globe, including India. WhatsApp says that it has contacted several Indian users who are believed to be targetted with the Pegasus spyware. Citizen Lab at the University of Toronto helped WhatsApp with the investigation into the cyberattack.

For those unaware, Pegasus is a spyware tool that belongs to Israel-based NSO Group that goes by with other names like Q Suite and Trident. The spyware is said to be capable of infiltrating both Android and iOS devices and tries to hack into the target’s mobile devices, including using zero-day exploits. As for WhatsApp, Pegasus is said to have used a vulnerability in the WhatsApp VoIP stack that is used to place video and audio calls. A missed call on WhatsApp allowed Pegasus to gain access to the target device.

According to Citizen Lab, Pegasus is said to have used other ways to enter a target’s device, including triggering the target to click on the link using social engineering or fake package notifications to deploy the spyware. Once Pegasus is installed on a target device, it can contact control servers and then relay commands to gather data from the infected device. It can steal information like passwords, contacts, text messages, voice calls, calendar details, and more. It can also spy using the phone’s camera, microphone and use GPS to track location.

Also readWhatsApp banned over 2 million accounts in India in just 30 days, mostly for spamming users

We sent a special WhatsApp message to approximately 1,400 users that we have reason to believe were impacted by [May 2019] attack to directly inform them about what happened,” said WhatsApp in a blog post. However, the company hasn’t mentioned who was behind the cyber-attack and illegal snooping. NSO Group had also denied the reports and claims that it only sells the spyware to “vetted and legitimate government agencies.”

WhatsApp-Pegasus hack list:

As many as 40 prominent names from Indian media have cropped up on the WhatsApp-Pegasus hack list, including:

  • Shishir Gupta, Hindustan Times
  • Prashant Jha, Hindustan Times
  • Rahul Singh, Hindustan Times
  • Ritika Chopra, Indian Express
  • Muzamil Jaleel, Indian Express
  • Sandeep Unnithan, India Today
  • Manoj Gupta TV18
  • Vijaita Singh, The Hindu,
  • Siddharth Vardharajan, The Wire
  • MK Venu, The Wire
  • Devirupa Mitra, The Wire
  • Rohini Singh
  • Prem Shankar Jha
  • Swati Chaturvedi
  • J Gopikrishnan, The Pioneer
  • Saikat Datta
  • Paranjoy Guha Thakurta
  • Smita Sharma
  • SNM Abdi
  • Iftikar Gilani
  • Manoranjana Gupta
  • Sanjay Shyam
  • Jaspal Singh Heran
  • Roopesh Kumar Singh