May 23, 2024 at 01:51AM
CloudSEK has warned of scammers selling fake code masquerading as NSO Group’s Pegasus spyware. The firm alleges that threat actors are distributing their own tools under Pegasus’s name to profit from its infamy. CloudSEK researchers discovered fake spyware offered for sale on various platforms and noted a shift in Apple’s approach to spyware attribution.
CloudSEK’s warning concerns scammers selling counterfeit code that is falsely advertised as the NSO Group’s Pegasus spyware. The fake spyware was discovered after CloudSEK researchers perused thousands of posts on Telegram and other platforms, interacting with potential sellers and identifying indicators of compromise. Most of the samples were found to be fraudulent and ineffective, despite being offered for sale for hundreds of thousands of dollars.
Furthermore, Apple decided to stop attributing spyware-related attacks to specific sources and instead categorize them broadly as “mercenary spyware.” This change coincided with notifications of remote iPhone compromise in 92 countries. The fraudulent code sellers welcomed and internally shared Apple’s advisory, suggesting their adaptability to changes in the landscape.
The firm’s report suggests that by associating their products with the NSO Group, the counterfeit code sellers not only gain branding leverage but also fly under the radar while selling custom-built spyware under a different entity’s name.
The Register reached out to NSO Group for a comment on the counterfeits and their impact on its business.