Security Market Segment LS
Wednesday, 01 August 2018 11:30

Powerful mobile malware used to target Amnesty staffer

Powerful mobile malware used to target Amnesty staffer Pixabay

The human rights group Amnesty International says one of its staff has been targeted with powerful smartphone malware known as Pegasus which is sold by an Israel-based company NSO Group.

Amnesty said in a statement that its investigations showed that the malware had connections with more than 600 domain names, all of which had been previously identified as part of Pegasus.

The staffer in question, who is based in Saudi Arabia, received a suspicious WhatsApp message in June which included a malicious link.

The sender's number was that of a commercial provider which enables the sending of bulk SMS messages.

Amnesty said it had later identified another human rights defender in Saudi Arabia who had also received similar messages.

"These messages carried links to domains which we identified as part of that same network infrastructure used by NSO Group or its customers to deliver exploits and malware designed to silently harvest data from the victims’ phones," Amnesty said.

"This malware would allow an attacker complete access to the target’s phone or computer, essentially turning the device into a sophisticated eavesdropping and tracking tool to be used against them."

Amnesty found documentation on the NSO Group's site that described the kind of SMS messages its staffer had received as an "enhanced social engineering message".

Had the staffer clicked on the link in the SMS, he would have been connected through a network of anonymising nodes provided by NSO Group, which are designed to anonymise the final location of the Pegasus servers in a way that conceals the customer’s identity or origin.

Finally, the victim would end up at a server which would try to exploit his device and install the Pegasus malware.

Amnesty said it had identified two other characteristics that connected the message to the NSO Group. "One is evidence that connects the malicious links we received and collected with NSO Group network infrastructure that was previously discovered and publicly reported on by Citizen Lab.

"And, though more speculative, the second is a domain registration pattern showing that most of the domains in the NSO Group infrastructure were registered during Israeli working days and hours (where NSO is based)."

The rights organisation contacted NSO Group who said their product was meant to be used only for the investigation and prevention of crime and terrorism.

Amnesty said what it was doing — protecting human rights — was not a crime. "While law enforcement institutions in many countries have used secret surveillance in relation to national security objectives, Amnesty International as well as numerous other human rights organisations have documented cases where surveillance has been and continues to be carried out in a manner contrary to international human rights law - an important example being when people are targeted for surveillance based only on the exercise of their human rights," it said.

"In these cases, surveillance would amount to an 'arbitrary or unlawful' attack on their privacy or otherwise violate other human rights. Surveillance through the use of state-hacking tools such as those that NSO group provides is an extraordinarily invasive form of surveillance, and thus an especially problematic one under international human rights law and standards."


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments