Following the massive cyberattack of 2019, WhatsApp sued the Israeli spyware make NSO Group for its Pegasus Spyware. This spyware was accused of spying on many Indian users and other users of 20 different countries. WhatsApp has reportedly contacted many Indian users who were preys of this attack.
Even before it was confirmed that Pegasus Spyware was behind the attack, there were many speculations about it, and was suspected to be the players behind the attack.
Pegasus is spyware developed by NSO Group based in Israel. WhatsApp had conducted an investigation on the cyberattack which happened in 2019 with the help of The Citizen Lab at the University of Toronto. The lab said that the spyware was also known by different names like Q Suite and Trident. It can affect both iOS and Android devices and steal information like contacts, passwords, text messages, calendar details, and even spy on voice calls made by the messaging apps. It can also be made use to spy on the camera and microphone of the device and can gather GPS data to track live locations.
Pegasus made use of a vulnerability in the WhatsApp VoIP Stack which aided in making video and audio calls. Thus, they were able to infiltrate the devices by a mere missed call. There were other ways also to gain access to a device like making the user click on a link using social engineering or fake package notifications.
WhatsApp wrote in a blog post that it had contacted over 1400 users who were believed to have been the targets of the 2019 cyberattack. However, the NSO Group has denied the accusation by saying that they only sell their spyware to “vetted and legitimate government agencies”.
