Is Our Zambian Government Spying on Us With Pegasus Spyware

By Funashi Mwamba |
Pegasus Spyware
Views: 332
Read Time:1 Minute, 57 Seconds

According to Citizen Lab Zambia is among the suspected countries infected with Spyware Pegasus. Countries like the United States Of America, UK, United Arab Emirates, and Israel are confirmed with the malware been very active. 

Pegasus is a Spyware that is installable on a device like iOS that is Apple’s mobile operating system. It was developed by Israeli cyberarms firm called NSO and it is used by a designated operator to obtain information about the affected device and interconnection. 

An operator called MULUNGUSHI was identified in Zambia from February 2018 and is been operational to present gathering data and information. Such as Contact details, device settings, screenshots and browsing history.

This maybe government-sanctioned spying as the Pegasus spyware works on that level. 

To monitor a target, a government operator of Pegasus must convince the target to click on a specially crafted exploit link, which, when clicked, delivers a chain of zero-day exploits to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. The report says

Is Our Zambian Government Spying on Us With Pegasus Spyware 1
Diagram from purported NSO Group Pegasus documentation showing the range of information gathered from a device infected with Pegasus. Source: Hacking Team Emails.

How Pegasus Works

Pegasus is capable of reading text messages, tracking calls, collecting passwords, tracing the location of the phone, and gathering information from apps.

It’s also able to record both voice and video calls, calendar list and can retrieve files from the phone.

Further, the Citizen Lab finding states

Once the phone is exploited and Pegasus is installed, it begins contacting the operator’s command and control (C&C) servers to receive and execute operators’ commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps.

The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity.

The Pegasus Spyware Zambian Operator MULUNGUSHI seems to affect the MTN Network with an ASN name 36962. A Citizen Lab DNS cache hits were recorded on that ASN.

Spyware operation maybe politically targeted or may be used for legitimate law enforcement purposes. But in Zambia, such law enforcement does not exist as yet and Pegasus present as the first spyware in Zambia sanctioned with use of foreign power.

Share16
Tweet
Pin
16 Shares
Posted in Security and tagged ,

Leave a Comment

You must be logged in to post a comment.