Pegasus Spyware (NSO Group)
What is Pegasus Spyware (NSO Group)?
A commercial mobile spyware developed by the Israeli company NSO Group that infects iOS and Android phones, often through zero-click exploits, and exfiltrates messages, calls, location, and microphone data.
Pegasus is sold to government customers and has been documented by Citizen Lab and Amnesty International's Security Lab on the phones of journalists, lawyers, and activists worldwide, including cases tied to the murdered journalist Jamal Khashoggi. Notable exploit chains include FORCEDENTRY (CVE-2021-30860) against iMessage, patched by Apple in iOS 14.8 in September 2021, and BLASTPASS in 2023 (CVE-2023-41064, CVE-2023-41061). Apple introduced Lockdown Mode in iOS 16 and started sending threat notifications to potential targets. NSO Group was added to the U.S. Department of Commerce Entity List in 2021. Indicators of compromise are published in Amnesty's Mobile Verification Toolkit (MVT).
● Examples
- 01: Citizen Lab reported Pegasus on the iPhones of journalists and activists, with the FORCEDENTRY iMessage zero-click later patched by Apple in iOS 14.8.
- 02: Amnesty's MVT helps investigators look for known Pegasus indicators in an iOS sysdiagnose archive.
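As an added illustration (not part of the original entry and not MVT's own code), the sketch below shows the kind of indicator matching described above: it reads `indicator` objects from a STIX 2 bundle and checks them against records extracted from a device. The bundle, the records, the function names and the subdomain-matching rule are all constructed assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2 bundle; every indicator value is a made-up placeholder.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "ExampleSpyware"},
    {"type": "indicator", "pattern": "[domain-name:value='c2.example.net']"},
    {"type": "indicator", "pattern": "[process:name='exampled']"},
    {"type": "indicator", "pattern": "[file:name='placeholder.plist']"},
]})

# Constructed records standing in for rows extracted from a device backup.
SAMPLE_RECORDS = [
    {"source": "safari_history", "url": "https://news.example.org/story"},
    {"source": "safari_history", "url": "https://a1.C2.example.net:30495/x?y=1"},
    {"source": "safari_history", "url": "https://notc2.example.net/"},
    {"source": "process_list", "process": "mediaserverd"},
    {"source": "process_list", "process": "exampled"},
]

# Only the single-comparison form [type:property='value'] is handled here.
PATTERN_RE = re.compile(r"^\[([a-z0-9-]+):([a-z_.]+)\s*=\s*'([^']*)'\]$")

def load_indicators(bundle_text):
    """Return {(object_type, property): {values}} from indicator objects."""
    iocs = {}
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.match(obj.get("pattern", "").strip())
        if m:
            iocs.setdefault((m.group(1), m.group(2)), set()).add(m.group(3))
    return iocs

def scan(records, iocs):
    """Return (record, matched_indicator) pairs for URL and process records."""
    domains = {d.lower() for d in iocs.get(("domain-name", "value"), set())}
    procs = iocs.get(("process", "name"), set())
    hits = []
    for rec in records:
        if "url" in rec:
            host = (urlsplit(rec["url"]).hostname or "").lower()
            # Match the indicator domain or a subdomain, never a lookalike suffix.
            hits += [(rec, d) for d in domains if host == d or host.endswith("." + d)]
        elif rec.get("process") in procs:
            hits.append((rec, rec["process"]))
    return hits

if __name__ == "__main__":
    for rec, ioc in scan(SAMPLE_RECORDS, load_indicators(SAMPLE_BUNDLE)):
        print(f"{rec['source']}: matched {ioc}")
```

A match against a known indicator is a lead for further forensic review, and the absence of matches only means none of the loaded indicators were present in the records examined.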
● Frequently asked questions
What is Pegasus Spyware (NSO Group)?
A commercial mobile spyware developed by the Israeli company NSO Group that infects iOS and Android phones, often through zero-click exploits, and exfiltrates messages, calls, location, and microphone data. It belongs to the Mobile Security category of cybersecurity.
How do you defend against Pegasus Spyware (NSO Group)?
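Defences for Pegasus Spyware (NSO Group) typically combine technical controls and operational practices. The definition above names several: Apple's patches for the known exploit chains, Lockdown Mode, Apple's threat notifications, and the indicators of compromise published in MVT.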
What are other names for Pegasus Spyware (NSO Group)?
Common alternative names include: Pegasus, NSO Group Pegasus.
● Related terms
- Predator Spyware (Intellexa) (mobile-security, № 849): Commercial mobile spyware developed by Cytrox and marketed by the Intellexa consortium, used by government customers against journalists, opposition politicians, and civil society on iOS and Android.
- iOS Malware (mobile-security, № 550): Malicious software targeting Apple iPhones and iPads, including supply-chain attacks on app developers, mercenary spyware, and threats specific to jailbroken devices.
- Spyware (malware, № 1083): Malware that secretly collects information about a user, device, or organization and sends it to an external party.
- Zero-Day Exploit (vulnerabilities, № 1263): Working exploit code for a vulnerability that the vendor does not yet know about, or for which no patch is available — extremely valuable to attackers.
- Mobile App Security (mobile-security, № 694): The practice of designing, building, and testing iOS and Android applications to protect user data, prevent reverse engineering, and resist runtime tampering.
- Jailbreak (iOS) (mobile-security, № 562): The process of bypassing Apple's code-signing and sandbox restrictions on an iPhone or iPad so the user can install software that Apple has not approved.