Pegasus spyware: The infamous surveillance tool threatening digital privacy
We live in a time when digital privacy is more fragile than ever. One of the most notorious threats is Pegasus spyware. Originally created to help governments combat terrorism and crime, Pegasus has also been used to monitor journalists, activists, and political opponents, with investigations revealing a significant number of identified Pegasus targets among activists, journalists, and civil society members. Notably, NSO Group's surveillance tools have been used against human rights defenders like Maati Monjib and Ahmed Mansoor, illustrating the severe implications of these attacks.
This has sparked a global conversation about surveillance, ethics, and cybersecurity.
This article explores how Pegasus spyware works, its origins, and why it has become so controversial.
Introduction to surveillance tools
Surveillance tools like Pegasus spyware have become a significant concern for civil society and human rights defenders worldwide. These sophisticated tools are designed to collect sensitive data from mobile devices, including both iOS and Android devices, often without the user’s knowledge. The use of such surveillance tools raises serious concerns about human rights abuses, particularly when they are deployed to target journalists, activists, and government officials.
Amnesty International’s Security Lab has been at the forefront of detecting Pegasus spyware and exposing its use in human rights abuses. Their efforts, along with those of other organizations, have highlighted the pervasive nature of this malicious software. The Pegasus Project, a collaborative investigation involving multiple media organizations, has shed light on the widespread use of Pegasus spyware by governments and other entities. This project has revealed the extent to which surveillance tools are being used to monitor and suppress civil society members, raising urgent questions about privacy and human rights.
What is NSO Group's Pegasus spyware
Pegasus is a powerful surveillance tool developed by the Israeli cybersecurity company NSO Group Technologies. While it was marketed as a tool for lawful investigations, Pegasus spyware has raised serious concerns because of how easily it can be abused. Instances of successful infection have been documented, where prominent journalists were targeted, with forensic evidence showing successful exploitation on their devices, including the tracking of processes and application interactions.
What makes it especially dangerous is its ability to infect devices silently, without any interaction from the user. This is known as a zero-click attack. The Pegasus Anonymizing Transmission Network employs a complex chain of servers and domains to obscure its actual locations and operations, enhancing the anonymity of the connections made to the infection servers.
How Pegasus spyware works
Pegasus spyware takes advantage of zero-day vulnerabilities in apps like iMessage, WhatsApp, and SMS systems to remotely access sensitive information, including text messages. These are flaws that developers haven’t discovered or patched yet.
Pegasus can be deployed via zero-click and one-click attacks, exploiting unpatched vulnerabilities to remotely install the malware without any action required from the victim.
Once a device is infected, Pegasus can:
- Monitor messages, calls, emails, and even encrypted chats from apps like Signal and Telegram
- Access photos, videos, and documents
- Track the device’s location in real time using GPS
- Activate the microphone and camera without the user knowing
- Record keystrokes and capture sensitive data like passwords
Because it requires no clicks or downloads, Pegasus spyware is almost impossible for regular users to detect. Zero-click attacks, in particular, exploit zero-day vulnerabilities in smartphones, sometimes remaining undetected by the manufacturers, which poses a significant threat to the sensitive data of the victims. To better understand how this type of surveillance software works and the dangers it presents, read our full guide on spyware and how it compromises your privacy.
Civil society and surveillance
Civil society organizations and human rights defenders are increasingly being targeted by surveillance tools like Pegasus spyware. The use of these tools against civil society raises significant concerns about the erosion of online privacy and the ability of individuals to express themselves freely. Surveillance tools can monitor communications, track movements, and collect sensitive data, making it difficult for activists and organizations to operate securely.
Amnesty International’s Security Lab has been instrumental in working with civil society organizations to detect and remove Pegasus spyware from their devices. Their efforts, along with the findings of the Pegasus Project, have highlighted the urgent need for greater transparency and accountability in the use of surveillance tools by governments and other entities. Civil society organizations are calling for stronger protections for human rights defenders and journalists, who are often the targets of such surveillance. The ongoing debate emphasizes the need to balance national security concerns with the protection of individual rights and freedoms.
Human rights defenders and surveillance
Human rights defenders are particularly vulnerable to surveillance, as they often work on sensitive issues and may be seen as a threat by governments or other entities. The use of surveillance tools like Pegasus spyware against human rights defenders can have a chilling effect on their work, making it more difficult for them to operate freely and safely.
Amnesty International has documented several cases of human rights defenders being targeted by Pegasus spyware, including in Jordan and other countries. These cases highlight the risks faced by those who stand up for human rights and the rule of law. The use of surveillance tools against human rights defenders raises serious concerns about the protection of human rights and the integrity of democratic institutions.
Human rights defenders are calling for greater protections and support to help them operate safely and securely in the digital environment. This includes stronger legal frameworks, better security practices, and increased awareness of the potential threats posed by surveillance tools. As the digital landscape continues to evolve, it is crucial to ensure that those who defend human rights can do so without fear of unlawful surveillance.
Controversies and global backlash
Although Pegasus was meant to fight serious crime, it has been involved in several high-profile scandals. Pegasus infections can compromise mobile devices through various methods, including physical or remote installation, leaving behind traces that can be analyzed forensically.
The spyware has been used to target journalists, activists, and political figures, leading to a global backlash. On iOS devices, forensic capabilities are available to detect such spyware, emphasizing the security challenges and the need for better auditing options to protect against potential breaches.
Journalists and activists targeted
Investigations revealed that Pegasus spyware was used to spy on human rights defenders, journalists, and opposition leaders in multiple countries. Various governments have also used Pegasus spyware to surveil human rights activists, raising concerns about the implications for personal privacy and the targeting of individuals advocating for human rights. This has raised concerns about freedom of speech and the right to privacy. Notable individuals, such as Hosam Gharaibeh, had their devices successfully infected multiple times over a span of several years, providing a timeline of the infections along with failed attempts.
Lawsuits and investigations
In 2019, WhatsApp filed a lawsuit against NSO Group, claiming the company used Pegasus to target over 1,400 users. One attack occurred shortly after a report on government repression, indicating a potential link between the findings of the report and the ensuing cyber threats. Victims included journalists and activists. Pegasus operators have the ability to remotely install the spyware on mobile devices, highlighting the ongoing capabilities and methodologies employed in surveilling individuals. The lawsuit accused NSO of violating U.S. federal law. WhatsApp has already been a victim of zero-click attacks – read more about how these threats have targeted the platform in the past.
The Pegasus Project
In 2021, a group of international news outlets launched The Pegasus Project, revealing a list of tens of thousands of potential surveillance targets. Forbidden Stories played a crucial role as a coordinating entity in this investigation. This list included world leaders, diplomats, and business executives, showing just how far Pegasus spyware had spread. Forensic analysis was critical in examining mobile devices and documenting evidence of surveillance.
Export restrictions
Due to the backlash, the Israeli government restricted the export of Pegasus and other NSO software. Pegasus customers have been involved in the surveillance of individuals, including journalists and activists, using the spyware for purposes that often go beyond its marketed intentions of fighting crime and terrorism. However, it remains unclear how effective these restrictions are in practice. NSO Group's Pegasus has been revealed to facilitate extensive surveillance and human rights abuses, with detailed technical analysis showing how the spyware operates and its implications for privacy and freedoms globally.
Notable incidents
Pegasus spyware has played a role in several major international events:
- Heads of state allegedly targeted by the spyware led to diplomatic tensions and demands for accountability. The Jordanian government has also been implicated in targeting political activists and human rights lawyers with spyware.
- The spyware was linked to surveillance in authoritarian regimes, where it was reportedly used to suppress dissent. Palestinian activists in Jordan have faced increasing repression, leading public campaigns against the Israeli occupation and highlighting the broader crackdown on civil society.
- Civil society groups and privacy advocates have called for international regulations to prevent abuse of surveillance tools.
How to protect yourself from Pegasus spyware
While most everyday users are unlikely to be targeted by Pegasus, the spyware serves as a reminder of how important digital hygiene is. Here are some ways to protect your device and privacy:
- Keep your software and apps updated to patch known security flaws. For removing Pegasus spyware, it is crucial to use resources like the MVT from Amnesty International.
- Use encrypted messaging apps and file-sharing tools. Note that while other apps may be able to detect Pegasus, it is advisable to follow the specific instructions provided by organizations like Amnesty International.
- Avoid clicking on suspicious links or downloading unknown attachments.
- Enable multi-factor authentication on all accounts.
- Use antivirus software to detect and block malware.
- Limit app permissions, especially access to your camera, microphone, and location.
Security vs. privacy: An ongoing debate
Pegasus spyware has become the centerpiece of a growing debate around national security and civil liberties. Supporters argue it helps catch terrorists and criminals. Critics point out the lack of transparency and accountability, warning that unchecked surveillance technology can easily be misused. A dedicated legal team plays a crucial role in defending human rights and providing legal support to those affected by such surveillance.
There is growing demand for better regulations, stricter controls, and international cooperation to prevent abuse while still allowing authorities to fight serious crime. Citizen Lab has been instrumental in independently reviewing forensic methodologies and conducting investigations into spyware like Pegasus, highlighting the need for transparency and accountability.
Final thoughts
Pegasus spyware is a powerful example of how cutting-edge technology can serve both justice and injustice. Its capabilities are impressive, but its impact on human rights and democratic institutions is deeply concerning. Pegasus spyware works by using zero-click exploits to infect devices without user interaction, allowing it to monitor and collect sensitive data such as messages, emails, and location information.
As our reliance on digital communication grows, so does the need to protect privacy and limit the misuse of surveillance tools. NSO Group's Pegasus spyware has been misused to target journalists, human rights defenders, and activists, raising ongoing global concerns about its role in human rights violations and its impact on privacy and freedom of expression. Pegasus is no longer just a tool. It’s a symbol of the complex challenges we face in the modern cybersecurity landscape.
This post has been updated on 14-04-2025 by Sarah Krarup.

Sarah Krarup
Sarah studies innovation and entrepreneurship with a deep interest in IT and how cybersecurity impacts businesses and individuals. She has extensive experience in copywriting and is dedicated to making cybersecurity information accessible and engaging for everyone.