Pegasus is an advanced spyware developed by the Israel-based NSO Group, designed to covertly infiltrate mobile devices and monitor user data. It is primarily employed for intelligence and surveillance purposes by various actors, including state agencies.
Operational Mechanism
One of Pegasus’s most striking features is its ability to penetrate devices through zero-click attacks—requiring no user interaction. This means a device can be compromised without the target clicking a link or opening a file. The spyware typically exploits vulnerabilities in operating systems, particularly those found in iOS and Android platforms.
1. Infection Vectors
- Zero-click attacks: Pegasus leverages security flaws in popular applications like WhatsApp or iMessage to infiltrate devices without the user's awareness. In some instances, merely receiving a call can be sufficient for infection.
- Spear phishing: Earlier versions relied on malicious links sent to users, which is still used in certain scenarios.
- Wi-Fi or base station impersonation: In cases of physical proximity, Pegasus can be installed via compromised Wi-Fi networks or fake cell towers.
2. Access Capabilities and Functionality
Once Pegasus infects a device, it gains near-total access:
- Microphone and camera control: It can record audio and video covertly, even when the device appears to be off.
- Monitoring encrypted communication: It can extract data from end-to-end encrypted messaging apps such as WhatsApp, Signal, and Telegram.
- Location tracking: Real-time GPS data can be collected and transmitted.
- File system access: The spyware can retrieve photos, emails, documents, and other data stored on the device.
3. Stealth and Removability
Pegasus is designed to operate as covertly as possible:
- It runs in the background while minimizing battery and data usage.
- It automatically erases traces of its presence on the infected device.
- It can be remotely removed, complicating forensic investigations.
4. Upgradability
NSO Group continuously updates Pegasus to adapt to new operating system versions and security countermeasures. This evolutionary capacity distinguishes Pegasus from typical spyware programs.
Use Cases and Target Profiles
State-Sponsored Surveillance
Numerous countries have deployed Pegasus to collect intelligence and monitor dissent. Known users include state security agencies in Saudi Arabia, India, the United Arab Emirates, Hungary, and Mexico. For example, reports suggest that Saudi journalist Jamal Khashoggi was surveilled via Pegasus prior to his assassination in 2018. In India, the spyware was proven to have been used against opposition leaders and activists.
Targeting of Journalists
One of Pegasus's most frequent targets has been investigative journalists, independent publishers, and those critical of regimes. According to the 2021 Pegasus Project, nearly 180 journalists across more than 80 countries were confirmed to have been targeted, posing a serious threat to press freedom worldwide.
Surveillance of Opposition Politicians and Activists
Pegasus has been used to monitor political figures and civil society actors critical of ruling authorities. Such surveillance not only violates individual privacy but also undermines democratic processes—particularly during election periods, where the interception of communications may disrupt fair competition.
Monitoring of Judiciary, Academics, and Business Figures
Beyond politics and media, Pegasus has also been deployed against judges, scholars, and businesspeople. This indicates its usage is not limited to national security concerns but extends to political, economic, and strategic motivations.
Prevalence and Identified Targets
Leaked data has revealed lists containing more than 50,000 phone numbers. While not all of these devices were necessarily infected, the data provides insights into the profiles and individuals selected for surveillance. Among the listed targets were heads of state, diplomats, and employees of international organizations.
