"Fake Pegasus Spyware Strains Populate Clear and Dark Web"

CloudSEK discovered that fake Pegasus spyware source code is being sold on the dark web, surface web, and instant messaging platforms. Researchers at CloudSEK searched the clear and dark web for spyware threats after Apple warned about "mercenary spyware" attacks. Many of the nearly 25,000 analyzed Telegram posts claimed to sell authentic Pegasus source code, a spyware strain commercialized by the Israeli company NSO Group. Most of the posts offered illegal services, often mentioning Pegasus and NSO tools. Interacting with over 150 potential sellers provided the researchers with insights into various samples and indicators, such as purported Pegasus source code, live demonstrations, file structures, and snapshots. Following the analysis of 15 source code samples and over 30 indicators from dark web sources, CloudSEK found that almost all samples were fake and ineffective. This article continues to discuss the selling of fake Pegasus spyware source code.

Infosecurity Magazine reports "Fake Pegasus Spyware Strains Populate Clear and Dark Web"

Submitted by grigby1

Submitted by Gregory Rigby on