Bengaluru, May 23: Cyber-security researchers have issued a warning about widespread scams selling fake Pegasus spyware on the Dark Web. Hackers are exploiting the renowned name of Pegasus for financial gain, according to a new investigation by homegrown cybersecurity firm CloudSEK.
Following recent notifications by Apple to users in 92 countries about a ‘mercenary spyware’ attack, CloudSEK conducted an in-depth investigation into the misuse of the Israel-based NSO Group’s Pegasus spyware.
The findings serve “as an advisory against scammers and threat actors who are exploiting the growing recognition of NSO Group’s renowned product, Pegasus, for their fraudulent purposes,” the researchers noted.
CloudSEK’s team analyzed approximately 25,000 posts on Telegram, many of which claimed to sell the authentic Pegasus source code. These posts followed a common template offering illicit services, frequently mentioning Pegasus and NSO tools.
By interacting with over 150 potential sellers, CloudSEK gained insights into various samples and indicators shared by these actors. This included purported Pegasus source code, live demonstrations, file structures, and snapshots.
“Similar misuse was observed on surface web code-sharing platforms, where actors disseminated randomly generated source codes falsely associated with Pegasus,” the researchers stated.
After analyzing 15 samples and over 30 indicators from human intelligence (HUMINT), deep, and dark web sources, the team discovered that nearly all samples were “fraudulent and ineffective.”
Threat actors have been creating their own tools and scripts, distributing them under the Pegasus name to capitalize on its notoriety for financial gain, according to the report.