Beware the Fake Pegasus: Scammers Peddle Bogus Spyware for Big Bucks

Scammers are peddling phony Pegasus spyware, but buyers beware—it’s about as genuine as a $3 bill. CloudSEK’s sleuthing reveals these fake “zero-click” hacks are just zeroes, sans the click.

Hot Take:

It seems the infamy of NSO Group’s Pegasus spyware has turned it into the Louis Vuitton of the cyber underworld – everybody wants a piece, even if it’s a knockoff! Scammers are cashing in on the notorious brand name, selling counterfeit code that’s about as effective as a chocolate teapot. Who knew malware could have a luxury counterfeit market too?

Key Points:

  • Indian cybersecurity firm CloudSEK exposes a bustling trade of fake Pegasus spyware on Telegram, where scammers are peddling the digital equivalent of snake oil.
  • Despite the real Pegasus being intended for law enforcement, its abuse has been reported; now, fake versions are being sold for exorbitant prices – up to $1.5 million!
  • CloudSEK’s investigation involved over 25,000 posts and chats with 150 sellers, leading to the examination of 15 counterfeit samples and 30+ indicators of compromise.
  • Fraudulent Pegasus code was also spotted on code-sharing platforms, with scammers creating and sharing random source code under NSO’s brand.
  • Apple’s recent decision to label attacks as “mercenary spyware” without specifying the source has inadvertently given these scammers more room to maneuver.

Need to know more?

Fly, Pegasus, Fly... Into the Ground

CloudSEK's sleuthing revealed a veritable flea market of Pegasus fakes, after diving headfirst into the murky waters of Telegram. These entrepreneurial scammers have been busy bees, whipping up homebrewed "spyware" and slapping the Pegasus label on it to attract buyers. It's like selling oregano as a high-grade herb – if you catch my drift. And guess what? People are buying it! Some even shelled out the price of a modest island for software that probably couldn't hack into a Tamagotchi.

Imitation is the Sincerest Form of Flattery... and Deception

It's a tale as old as time: counterfeit goods being peddled as the real deal. But when it comes to spyware, the stakes are a tad higher than getting caught with a fake designer handbag. CloudSEK's analysts went all Sherlock Holmes on these vendors, even getting their hands on live demos and snapshots of the so-called source code – which turned out to be as genuine as a three-dollar bill.

Apple's Mercenary Move and the Scammers' Delight

Apple's recent decision to categorize spyware-related attacks under the umbrella term "mercenary spyware" was like Christmas in April for these scam artists. By no longer pinpointing the bad guys, Apple's new policy has thrown a camouflage net over the Pegasus counterfeiters, letting them frolic freely in the wild. It's as if by not naming the monsters under the bed, Apple has inadvertently fed them.

A Wolf in Sheep's Coding?

The counterfeiters aren't just selling bogus code; they're playing a smarter game. By passing off their malware as the infamous Pegasus, they're not only riding NSO's coattails of notoriety but also making themselves harder to spot. It's like a con artist claiming to be a notorious jewel thief – it adds a certain je ne sais quoi to their persona while keeping the cops looking elsewhere.

Fake It Till You Make It

While NSO Group has been tight-lipped about the impact these fakes might have on their business, one thing's for sure: in the world of cyber deception, brand recognition is everything, even if it's infamous. And just like in the fashion world, it seems that in the dark corners of the internet, there's a premium on the brand – even if it's just a cheap imitation.
