Take a look at the essential events, concepts, terms, quotes, or phenomena every day and brush up your knowledge. Here’s your knowledge nugget for today.

Knowledge Nugget: Pegasus and Other Spyware/Malware in the News

Subject: Security, Science and Technology

(Relevance: Cybersecurity is an important topic for the UPSC exam. Mains questions in General Studies III have been asked on various elements of cybersecurity. In this regard, knowing about the various types of spyware and malware that have been in the news becomes important.)

Why in the news?

Israeli company NSO Group’s controversial spyware Pegasus was used to target 1,223 individuals using WhatsApp across 51 countries in 2019, with 100 Indians being impacted by use of the hacking software — the second highest count globally, court documents showed.

The revelation has come as part of a lawsuit filed by WhatsApp against the NSO Group in October 2019, accusing the surveillance company of exploiting a vulnerability in the messaging platform to target users including journalists, lawyers, politicians and human rights activists. In this context, let’s learn about Pegasus.

Key Takeaways:

Pegasus

1. All spyware does what the name suggests: it spies on people through their phones. Pegasus works by sending an exploit link, and if the target user clicks on the link, the malware or the code that allows the surveillance is installed on the user’s phone. (A presumably newer version of the malware does not even require a target user to click a link.) Once Pegasus is installed, the attacker has complete access to the target user’s phone.

2. Pegasus has been implicated in hacks by authoritarian governments across the world, with the NSO Group holding that it only sells the spyware to government agencies.

Do you Know? The NSO Group is a Tel Aviv-based cyber-security company that specialises in “surveillance technology” and claims to help governments and law enforcement agencies across the world fight crime and terrorism.
3. The first reports on Pegasus’s spyware operations emerged in 2016, when Ahmed Mansoor, a human rights activist in the UAE, was targeted with an SMS link on his iPhone 6.

Hermit

1. In 2022, ‘Hermit’ was believed to have targeted iPhones and Android devices in Italy and Kazakhstan. Hermit’s deployment (the spyware has been developed by an Italian vendor called RCS Lab) was first reported by cybersecurity researchers at Lookout, a San Francisco-based cybersecurity firm. Then Google’s Threat Analysis Group (TAG) put out a detailed blog post, explaining how they believed Hermit was used to target devices.

2. Hermit is a spyware on the lines of Pegasus by NSO Group. Once installed on a device, it can record audio on the device, make unauthorised calls, and carry out many other unauthorised activities.

3. According to Lookout, the spyware can steal stored account emails, contacts, browser bookmarks/searches, calendar events, etc. It can also take pictures on the device and steal device information such as details about applications, the kernel information, model, manufacturer, OS, security patch, phone number, etc. It can also download and install APKs (the app software files on Android) on a compromised phone.

4. Sophisticated spyware such as Hermit and Pegasus costs millions of dollars in licensing fees, and these are not simple operations. It is not like common malware targeting regular users. In the case of Hermit, the operations used appeared to be complex. According to Google’s TAG team, all campaigns started with a unique link sent to the victim’s phone. When the user clicked, the page installed the application on both Android and iOS.

Do you Know? In March 2024, Dutch cybersecurity firm EclecticIQ uncovered a cyber-espionage campaign targeting Indian government agencies and the energy sector, using a tweaked version of “HackBrowserData” to steal browser credentials, cookies, and history.
Meanwhile, a US Department of Justice indictment revealed that Chinese hackers targeted EU members of the Inter-Parliamentary Alliance on China and Italian MPs, aiming to track their IP addresses and locations.

Snowblind

1. A banking malware called ‘Snowblind’ was in the news last year for targeting Android users to steal banking credentials. This malware exploits a built-in security feature to bypass anti-tamper protection in apps handling sensitive information.

2. Snowblind, unlike other Android malware, exploits a feature known as ‘seccomp’, which stands for ‘secure computing’. It is a component of the core Linux kernel and the Android operating system that checks programs for signs of manipulation.

3. Snowblind can also disable biometric and two-factor authentication, which are two security features typically used by financial apps to prevent unauthorised access. Snowblind, like most Android malware, affects users who install apps from untrusted sources.

BEYOND THE NUGGET: What are spy and stalkerware apps?

1. Spy and stalkerware apps, like viruses and other malware, infect devices that are connected to the internet. While viruses and malware can be detected by anti-virus software, spyware and stalkerware apps disguise themselves as useful and send out stolen data to central servers without the knowledge of the users.

2. Notably, most spyware and stalkerware apps disguise themselves as anti-theft applications that can be used to track the device in case it is stolen or gets lost, cyber-security experts warn.

3. A spyware app, which can also be installed remotely, accesses the data usage pattern of the device, gains access to photos and videos as well as other personal information of the user, and then passes it off to a central server.

4. On the other hand, in most cases, a stalkerware app can be installed only when someone has physical access to the digitally connected device.
Though the app works in a manner similar to spyware apps, it goes a step ahead and also gives out the location of the device to a master device which controls the stalkerware app.

Post Read Questions

(1) The terms ‘WannaCry, Petya and EternalBlue’ sometimes mentioned in the news recently are related to (UPSC CSE 2018)
(a) Exoplanets
(b) Cryptocurrency
(c) Cyber attacks
(d) Mini satellites

(2) In India, it is legally mandatory for which of the following to report on cyber security incidents? (UPSC CSE 2017)
1. Service providers
2. Data centres
3. Body corporate
Select the correct answer using the code given below:
(a) 1 only
(b) 1 and 2 only
(c) 3 only
(d) 1, 2 and 3

Answer Key
1. (c)
2. (d)

(Sources: India second most impacted by NSO Group spyware globally: Pegasus used to target 100 Indians, court documents show; Explained: What is Israeli spyware Pegasus, which carried out surveillance via WhatsApp?; Quixplained: Understanding Pegasus; Explained: Why is spyware, stalkerware gaining traction during the pandemic?; What is Hermit; Snowblind malware uses an Android security feature to bypass security)