Digital Spywares and Prevention Techniques

Here are some practical tips for reducing your "attack surface" and protecting yourself from spyware like Pegasus.

Titlee Sen - 28 July 2021

Pegasus, a spyware programme developed by the NSO Group, has sparked outrage throughout the world, including in India this month. This malware can infiltrate your device without you being aware of it. Sophisticated espionage tools like Pegasus appear to be one step ahead of IT giants such as Google, Apple and Microsoft, with the malware leveraging active zero-click attacks. While Pegasus is a one-of-a-kind spyware sold for a high fee by the Israel-based company, there are others that have been made available by other intelligence services as well as by well-known hackers. Listed below are spyware tools with features similar to those of Pegasus.

Hornbill and Sunbird

Confucius, an advanced persistent threat (APT) group, has been linked to two malware variants known as Hornbill and SunBird. The malware appears to be aimed specifically at the WhatsApp messaging service, stealing conversation content.

Hornbill is built on MobileSpy, a discontinued commercial stalkerware product for remotely monitoring Android devices. SunBird, on the other hand, appears to be based on BuzzOut, an older kind of spyware created in India. Both are capable of stealing data such as device IDs, call records, WhatsApp voice notes, contact lists and GPS location data.

Exodus

eSurv, an Italian surveillance firm, developed this malware. According to the publication's investigation, the malware contained Italian words in its code, indicating that eSurv was headquartered in Italy.

Exodus, unlike Pegasus, which requires sophisticated tooling, works in two steps. The malware spread through an app that the user had to download before it could gather information such as the target's IMEI number and phone number.

Once it has gained access, the malware lets the attacker view data such as the list of installed applications, the phone's contact list and even the device's photos.

Dropoutjeep

This is spyware that was formerly used by the National Security Agency (NSA) to spy on specific people. It was accomplished by installing the spyware on laptops and mobile devices, particularly Apple iPhones.

With the data it collected, the NSA was able to track a person's whereabouts and monitor what they were texting or watching. All of this was done without informing the individual that their phone had been compromised.

RCSAndroid

This malware was distributed through an app that was quietly published on the Google Play Store without raising any red flags. Hacking Team, a technology company based in Milan, Italy, created the app.

Like the NSO Group, this firm claims to be in the business of providing surveillance software to government and law enforcement organisations. RCSAndroid was described as 'one of the most professionally developed and sophisticated Android malware ever exposed'.

P6-GEO

Israeli firms have a strong presence in the surveillance market. Picsix, another such company, has developed a device that can track a person's position using only their phone number.

Like the other programmes listed here, P6-GEO is likely to be employed by intelligence agencies, and it can also be used to control GSM mobile devices.

How to Dodge Spywares

Although there is no such thing as perfect security, as an old saying in the profession goes, that is no justification for complacency. Here are some practical measures you can take to reduce your "attack surface" and defend yourself against malware such as the tools listed above.

Safeguarding Against Social Engineering Clickbait

Pegasus attacks have been reported on a number of occasions, with journalists and human rights advocates receiving SMS and WhatsApp bait messages urging them to open malicious links. The URLs download malware that infects devices through browser and operating system security flaws. In the leaked pamphlet, this attack vector is referred to as an Enhanced Social Engineer Message, or ESEM.

Future ESEM attacks may use a variety of bait messages, which is why you should be wary of any contact that tries to persuade you to take some action online. If you receive a message containing a link, resist the urge to click on it right away, especially if it conveys a sense of urgency. Even if you trust the linked site, type its address in manually instead.

When you visit a website, save the URL in a bookmark folder and only use that bookmark to reach it. If you are going to click a link rather than typing it out or opening the site from a bookmark, make sure it points to a site you are familiar with. Before clicking on a link that looks like a shortened URL, use a URL expander service to reveal the true, long link it refers to.

Defending Against Network Injection Attacks

In many cases, spyware of this kind infected phones by intercepting network traffic through a man-in-the-middle (MITM) attack: Pegasus captured unencrypted traffic, such as plain HTTP web requests, and redirected it to malicious payloads.

Always type the address with https:// in front of the domain name when visiting a website, and bookmark the secure (HTTPS) URLs of your favourite sites so you can use those instead of entering the domain name directly. As an alternative, use a reputable VPN on both your desktop and mobile devices. A VPN encrypts all connections and routes them through a VPN server, which contacts the websites on your behalf and returns the responses to you.
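The link hygiene from the two sections above (not clicking links straight away, expanding shortened URLs, preferring HTTPS, and only visiting sites from your own bookmarks) can be turned into a small pre-click check. The following Python is an added example written for this article, not code from the article or from any product it names. The bookmark list, the shortener list and the redirect in FAKE_NET are constructed stand-ins, and head_no_follow is an optional real fetcher that issues a single HEAD request without following the redirect itself.

```python
"""Pre-click link hygiene: inspect a URL without opening it, expand shortened
links by walking Location headers one hop at a time, and compare the final
host against your own bookmark list.  Added example, not from the article."""
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

# Constructed bookmark list: hypothetical hosts standing in for your own bookmarks.
BOOKMARKS = ["https://news.example.org/", "https://bank.example.com/login"]
# A few public URL shorteners; extend as needed.
SHORTENERS = {"bit.ly", "t.co", "tinyurl.com", "goo.gl", "ow.ly"}
REDIRECTS = {301, 302, 303, 307, 308}


def bookmarked_hosts(bookmarks=BOOKMARKS):
    """Set of hostnames taken from the bookmark URLs."""
    return {urlsplit(b).hostname.lower() for b in bookmarks}


def check_link(url, bookmarks=BOOKMARKS):
    """Return a list of warnings; an empty list means the URL passed every check."""
    warnings = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    if not host:
        return ["no hostname in URL"]
    if parts.scheme != "https":
        warnings.append("not https: the request can be read or rewritten in transit")
    if parts.username is not None:
        # "https://bank.example.com@evil.example/" really goes to evil.example
        warnings.append(f"credentials before '@': real host is {host}")
    if host in SHORTENERS:
        warnings.append("shortened URL: expand it before trusting the destination")
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("internationalised hostname: check for lookalike characters")
    if not any(host == b or host.endswith("." + b) for b in bookmarked_hosts(bookmarks)):
        warnings.append("not a bookmarked site: type the address yourself instead")
    return warnings


def expand(url, fetch_head, max_hops=5):
    """Follow redirects manually.  fetch_head(url) -> (status, location_or_None).
    Returns the chain of URLs visited; the last entry is the real destination."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch_head(chain[-1])
        if status not in REDIRECTS or not location:
            return chain
        chain.append(urljoin(chain[-1], location))
    raise ValueError("redirect chain longer than %d hops" % max_hops)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface the 3xx to the caller instead of following it


def head_no_follow(url, timeout=10):
    """Real fetcher for expand(): one HEAD request, no body, no redirect following."""
    req = urllib.request.Request(url, method="HEAD")
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")


# Constructed offline stand-in for the network: a shortener hop into a lookalike host.
FAKE_NET = {
    "https://bit.ly/abc123": (301, "http://bank.example.com.evil-example.net/login"),
}


def fake_head(url):
    """Offline fetcher: answers from FAKE_NET, everything else is a plain 200."""
    return FAKE_NET.get(url, (200, None))


if __name__ == "__main__":
    chain = expand("https://bit.ly/abc123", fake_head)
    print(" -> ".join(chain))
    for warning in check_link(chain[-1]):
        print("WARNING:", warning)
```

Run as a script, the constructed short link resolves to a plain-HTTP lookalike of the bookmarked bank host and both problems are reported. To expand a real short link, pass head_no_follow instead of fake_head; the HEAD request still contacts the shortener, which is the same trade-off a URL expander service makes, but nothing from the final destination is fetched.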

Zero-Click Attacks

Zero-click exploits get their name from the fact that they do not require the target to do anything. All that is required of the targeted user is to have a particular vulnerable app or operating system installed. However, users can reduce their exposure to such exploits by limiting their "attack surface" and by compartmentalising devices.

To limit the chances of spyware infiltrating your smartphone, it should carry only the bare minimum of apps required for day-to-day tasks. Audit your installed applications and their permissions on a regular basis. Device compartmentalisation means spreading your data and apps across different devices.
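One way to carry out the application and permission audit just described on an Android phone, as an added example that is not from the article: capture the output of adb shell dumpsys package for the third-party packages that adb shell pm list packages -3 lists, then parse out which runtime ("dangerous") permissions each package actually holds and which packages you do not recognise. The dumpsys excerpt in SAMPLE below is constructed to mirror the real layout, and the package names and the expected-package set are hypothetical.

```python
"""Audit third-party apps and the sensitive permissions they hold, from text
captured with:
    adb shell pm list packages -3            # third-party package names
    adb shell dumpsys package <package.name> # per-package details
Added example; the dumpsys text in SAMPLE is constructed, not captured."""
import re

# Runtime ("dangerous") permissions that the spyware strains above abuse.
SENSITIVE = {
    "android.permission.READ_SMS", "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_BACKGROUND_LOCATION",
}

PACKAGE_LINE = re.compile(r"^\s*Package \[([\w.]+)\]")
GRANT_LINE = re.compile(r"^\s*([\w.]+):\s*granted=(true|false)")


def parse_runtime_grants(dumpsys_text):
    """Map package name -> set of granted runtime permissions from dumpsys output."""
    grants = {}
    current = None
    in_runtime = False  # True while inside a "runtime permissions:" section
    for line in dumpsys_text.splitlines():
        m = PACKAGE_LINE.match(line)
        if m:
            current = m.group(1)
            grants.setdefault(current, set())
            in_runtime = False
            continue
        if line.strip() == "runtime permissions:":
            in_runtime = current is not None
            continue
        if in_runtime:
            m = GRANT_LINE.match(line)
            if m:
                if m.group(2) == "true":
                    grants[current].add(m.group(1))
            elif line.strip():
                in_runtime = False  # any other non-blank line ends the section
    return grants


def audit(dumpsys_text, expected_packages):
    """Flag packages you do not recognise and every sensitive grant, as (package, note)."""
    findings = []
    for pkg, perms in sorted(parse_runtime_grants(dumpsys_text).items()):
        if pkg not in expected_packages:
            findings.append((pkg, "unexpected package: remove it if you did not install it"))
        for perm in sorted(perms & SENSITIVE):
            findings.append((pkg, "holds " + perm.rsplit(".", 1)[1]))
    return findings


# Constructed dumpsys excerpt: two hypothetical third-party packages.
SAMPLE = """\
Packages:
  Package [com.example.notes] (7f3a2c1):
    userId=10142
    requested permissions:
      android.permission.INTERNET
      android.permission.READ_CONTACTS
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=12345 installed=true hidden=false
      runtime permissions:
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
  Package [com.example.flashlight] (9b12ee0):
    userId=10177
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: ceDataInode=67890 installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

# Hypothetical list of apps the owner knows they installed.
EXPECTED = {"com.example.notes"}

if __name__ == "__main__":
    for pkg, note in audit(SAMPLE, EXPECTED):
        print(f"{pkg}: {note}")
```

A flashlight app that holds microphone and precise-location grants is exactly the kind of result this audit is meant to surface; denied permissions (granted=false) are ignored, so the report lists only what an app can use right now.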

Physical Accessibility

Physical access to your phone is the final way an attacker can infect it. Keep your devices within sight at all times. Whenever a device is out of your sight, it is at risk of being physically tampered with. When you have to leave a device unattended, put it in a tamper-evident bag, especially in a risky place such as a hotel room.

In general, if you believe your phone is infected with spyware, check it with the Mobile Verification Toolkit (MVT). Back up essential files on a regular basis. Finally, there is no harm in resetting your phone regularly.
