Friday, July 1, 2022

Amnesty International Anti-Pegasus Software: A Malware Trap


GDI Exclusive Study Paper: Amnesty International Anti-Pegasus Software: A Malware Trap

Have you ever considered that you may be carrying a spying device with open access to your microphone and camera in your pocket? Doesn’t it bother you that someone may be watching you from behind your computer screen? Does anyone have the right to know your secrets? These are the gripping questions laid out by Amnesty International, a human rights-focused non-governmental organization, before inviting end-users to download its antivirus for protection against the NSO Group’s Pegasus. On its face, this presents the simple notion of a human rights organization trying to protect people’s privacy around the globe. The catch, however, is that this campaign is being run from a fake website whose appearance is identical to Amnesty International’s legitimate online portal.

Modus Operandi

In July 2021, a report by Amnesty International revealed widespread abuse of the Israeli firm NSO Group’s Pegasus spyware to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. This episode induced a wave of concern regarding digital safety and even led Amnesty International to release a Mobile Verification Toolkit (MVT) to help individuals scan their devices for evidence of compromise. The hacker group behind this campaign counted on exactly that: heightened public concern about Pegasus, combined with the fact that Amnesty International had genuinely released the MVT, would mislead individuals into believing that a fake Anti-Pegasus tool was an authorized Amnesty International product. With that in mind, the group built a rogue website using social engineering tricks. The modus operandi is to trick visitors of this website into downloading the ‘Amnesty Anti-Pegasus Software’. In actuality, the download installs a strain of malware known as ‘Sarwent’ on the victim’s computer.


Mechanism of Sarwent Malware

The Sarwent malware first gained recognition in 2018 as a basic piece of malware that served only as a first-stage payload, with the ability to download and install other malware on compromised computers. Over the years, however, experts have spotted modifications in Sarwent. It can now perform functions as complex as opening a remote path into the compromised machine and exfiltrating sensitive information, such as login credentials. In this campaign, a highly customized variant of Sarwent written in Delphi was used. It allows remote desktop access through VNC or RDP and executes command-line or PowerShell instructions received from an attacker-controlled domain, sending the results back to the server.

Financially Motivated Actor or State Involvement?

It is worth noting that only high-ranking individuals were targeted in the Pegasus spyware episode, which suggests that high-ranking individuals would also be the most interested in downloading an Anti-Pegasus tool. Thus, it would be reasonable to say that the targeting in this campaign might involve a state. However, given the lack of sufficient information, the possibility of a financially motivated actor leveraging headlines to gain new access cannot be ruled out either. The United Kingdom, the United States, Russia, India, Ukraine, the Czech Republic, Romania, and Colombia are among the countries most affected by the campaign. Data from these countries might enable experts to determine whether this malware campaign is state-sponsored cyber warfare or the work of a financially motivated actor.

Conclusion

As states and individuals continue their push towards a digitized world, criminal activity in the cyber realm will only increase. Hacking groups will keep capitalizing on major events and adapting their attack campaigns for maximum impact. Law enforcement agencies and cyber watchdogs cannot possibly bring the offence rate to zero, so it falls to end-users to protect themselves from cyber offences to the best of their ability. There is no doubt that the hackers put much effort into replicating the official website of Amnesty International, but the giveaway is that the original website has a white background, whereas the fake one has a transparent background. This should serve as an example of how careful analysis is crucial to the safety of individuals and organizations alike in this digital world.

About Post Author

Fatima Zainab

Fatima Zainab studies Strategic and Nuclear Studies at National Defence University, Islamabad. She is an IBM Certified Cybersecurity Analyst. Her areas of interest cover Cyber Warfare, Contemporary Security Studies, and International Politics.
