Fake Amnesty International's Antivirus for Pegasus Employs Malware to Infect PCs

Fake Amnesty International’s Antivirus for Pegasus Employs Malware to Infect PCs

Threat actors have been detected impersonating Amnesty International to spread malware ostensibly meant to guard against NSO Group’s Pegasus surveillanceware, illustrating how hacking gangs are fast to take advantage of global events and adapt attack operations for optimum impact.

According to the statement from Cisco Talos researchers, a fake Amnesty International website has been set up by adversaries. It mentions a planned antivirus solution to counter the NSO Group’s Pegasus tool. However, the download installs the little-known Sarwent malware.

The United Kingdom, U.S., India, Russia, Ukraine, the Czech Republic, Romania, and Colombia are most affected by the campaign. While it’s unclear how the victims were persuaded to visit the phony Amnesty International website, the cybersecurity firm speculated that the attacks might target people looking online for protections against this threat.

The news follows an explosive study published in July 2021 that exposed the widespread use of the Israeli company’s Pegasus “military-grade malware” to enable human rights crimes by surveilling leaders of state, activists, journalists, and attorneys throughout the world.

Since then, the NGO has published a Mobile Verification Toolkit (MVT) to assist people in scanning their iPhone and Android devices for signs of compromise.

Aside from using social engineering techniques, such as creating a rogue website with the same look and feel as Amnesty International’s genuine portal, the plan is to dupe visitors into installing “Amnesty Anti Pegasus Software” posing as an antivirus program. It can allow bad actors to get remote access to the infected system and exfiltrate sensitive data like login details.

The campaign is aimed at those worried about being tracked by the Pegasus malware. This targeting increases the possibility of governmental participation, but there is insufficient evidence to determine whether states or nations are involved. It’s conceivable that this is just a financially motivated actor seeking new access by exploiting headlines.

About the author

CIM Team

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.