Cyber-security researchers on Thursday warned about the widespread misuse of fake Pegasus spyware on the Dark Web where hackers are leveraging the name of Pegasus for financial gains.

Following Apple’s recent notification to users in 92 countries about a ‘mercenary spyware’ attack, homegrown cybersecurity firm CloudSEK carried out an in-depth investigation.

They found a widespread misuse of Israel-based company NSO’s Pegasus spyware’s name.

The findings serve “as an advisory against scammers and threat actors who are exploiting the growing recognition of NSO Group’s renowned product, Pegasus, for their fraudulent purposes,” the researchers noted.

The researchers analyzed approximately 25,000 posts on Telegram, many of which claimed to sell authentic Pegasus source code.

Buy Me A Coffee

“These posts followed a common template offering illicit services, with Pegasus and NSO tools frequently mentioned,” the team mentioned.

By interacting with over 150 potential sellers, CloudSEK gained insights into various samples and indicators shared by these actors.

This included purported Pegasus source code, live demonstrations, file structures, and snapshots.

“Similar misuse was observed on surface web code-sharing platforms, where actors disseminated randomly generated source codes falsely associated with Pegasus,” said researchers.

After analyzing 15 samples and over 30 indicators from human intelligence (HUMINT), deep, and dark web sources, the team discovered that nearly all samples were “fraudulent and ineffective”.

Threat actors created their own tools and scripts, distributing them under Pegasus’ name to capitalize on its notoriety for financial gain, the report said.

READ
New York Times Source Code Stolen Using Exposed GitHub Token