A well-known spyware creator posed as Facebook to infect its victims


Luis Miranda – May 20, 2020 – 23: 20 (CET)

NSO Group, the well-known Israeli spyware group, posed as Facebook to infect its victims with Pegasus software.

Un conocido creador de spyware se hizo pasar por Facebook para infectar a sus víctimas

The NSO Group , creator of the Pegasus spyware, was accused of becoming go through Facebook to hack targets. According to a report by Motherboard , the Israeli company created a web domain that looked like a Facebook page in order to trick victims.

A person who worked in the company revealed that the NSO Group infected mobile phones with its Pegasus software from pages with various designs. While some were posing as Facebook's security team, others were pretending to be FedEx tracking links or unsubscribe sites.

The 10 Domains related to an IP address throw Pegasus installations between 2015 and 2016. Spyware, widely documented in June 2017 by the Digital Rights Network and the Citizen Lab from Toronto infects iOS and Android phones to spy on high-profile characters.

The NSO Group created several pages to infect mobiles with its Pegasus spyware

Once installed on the mobile it is capable of taking control of files, text messages, and all content on the device. Similarly, you can locate the victim using GPS and activate the camera and the microphone to spy on conversations.

Pegasus already infected activists, high-level journalists in Mexico and other countries, as well as specific government targets. The NSO Group sells this tool directly to government agencies and local security departments. Currently installed without user interaction, although these domains are part of the 1 click version.


The domains used by the Israeli group were acquired by Facebook after being purchased by MarkMonitor, a company that is in charge of locating fraud related sites. Facebook currently has a legal fight with the NSO Group after discovering that they exploited a security flaw in WhatsApp.

In May 2019 a was discovered vulnerability in WhatsApp that allowed to install Pegasus. According to Facebook, the company took ten days to correct the failure and only affected a small number of users. Although the Israeli group backed out of the attack, the tech company made it clear they suspected the NSO Group.

Last October, WhatsApp formally accused the company of spyware of be responsible for infecting more than 1. 400 phones for spy on them. The lawsuit filed in a federal court in the United States warns that the NSO Group violated that country's fraud and computer abuse law.

👇 More in Hypertextual

  • EasyJet suffers a massive hack that compromises the data of 9 million customers
  • The head of the German privacy prohibits the use of WhatsApp to federal officials and institutions
  • A well-known porn website exposes the personal data of millions of its users