Like other phishing expeditions, the scam is focused on fooling unwitting users into interacting with a link filled with malware. In this case, NSO Group has created a page that looks like a legitimate internal page from Facebook security team portal. It is worth noting Facebook has been targeting NSO and attempting to get the group before U.S. law courts. The company says the hacking team has leveraged U.S. systems to spy. Facebook is suing NSO Group for a zero-day exploit it perpetrated on its WhatsApp service a year ago. The Pegasus spyware was installed on the service to attack users. Facebook says the hackers accessed vulnerable WhatsApp servers and infected around 1,400 smartphones.
Pegasus
It has been repurposed several times and it seems the tool is behind the recently discovered campaign. Pegasus can be installed on an array of devices, including most iOS and Android smartphones. It is worth noting NSO Group has continued to plead innocence and claims it has not part in nefarious spying. Instead, the company insists it provides legitimate tools for governments to use. “Revisiting and recycling the conjecture of NSO’s detractors, such as CitizenLab, doesn’t change the overall truth of our position, which we have stated to the U.S. Federal Court in California,” an NSO spokesperson told Motherboard. “Our factual assertions have been provided as part of the official court record, and we do not have anything else to add at this time.”
