A secretive, unique and ultimately powerful piece of malware designed to spy on a target's iPhone was found lurking in the digital communications of a prominent Middle Eastern human rights activist, according to Citizen Lab, which conducted the research alongside mobile cybersecurity firm Lookout.
Evidence suggests that this specific species of malware — known as spyware — exploited three different, previously unknown vulnerabilities in Apple's mobile operating system, iOS, and allowed attackers to remotely exfiltrate a device's browsing history, emails, text messages, contact lists, photos and more.
The target, Ahmed Mansoor of the United Arab Emirates, became suspicious of a text message from a phone number he did not recognize that urged him to tap a link. Instead of tapping the link, Mansoor forwarded the message to Bill Marczak, a lead researcher at Citizen Lab, a digital rights research laboratory housed within the University of Toronto's Munk School of Global Affairs.
In an interview with Vice's Motherboard, Marczak called the spyware Mansoor sent him "one of the most sophisticated pieces of cyberespionage software" his team had ever seen.
Lookout and Citizen Lab were able to trace the origins of this spyware — classified as a zero day, as it had never previously been reported — back to an Israeli security firm named the NSO Group, a global surveillance competitor to known spyware vendors such as FinFisher and Hacking Team.
Based on digital forensics collected by Citizen Lab and Lookout, the research identified the malicious software as a commercially available NSO Group product named Pegasus. Prior to this incident, little was known about Pegasus, its design or its authors.
Researchers believe the United Arab Emirates government likely entered into business with NSO Group in order to spy on Mansoor and perhaps other dissidents. Beyond the Middle East, the Mexican government is also believed to be an NSO Group customer, according to Motherboard.
As part of this investigation, Lookout notified Apple of the three new software vulnerabilities it had found, which we now know help make Pegasus possible. On Thursday, Apple quickly released an upgrade to fix these flaws — the patch is included in the iOS 9.3.5 update.