An Isreali cybersecurity company known as NSO Group developed spyware now spy cloud data from the servers of Apple, Google, Facebook, Amazon and Microsoft products over the latest iPhones and Android smartphones.

NSO Group developed spyware named as Pegasus that previously allowed to hack WhatsApp by exploiting the critical remote code execution vulnerability that resides in WhatsApp VOIP stack.

Pegasus is also known as flagship, a mobile spyware has been used almost a year by various spy agencies and government to spy data from targeted smartphones used by individuals.

NSO Group very concerns about their spyware and secretly maintaining their development of cyber weapons like Pegasus, which is only selling to governments to help prevent terrorist attacks and crimes. Important to mention that the Spy service costs millions of dollars.


Now the malware evolved with new capabilities to scrape the sensitive data, such as the full history of a target’s location data, archived messages or photos that stored beyond the phone in the cloud.

The new technique implemented with the spyware copy the authentication keys of services such as Google Drive, Facebook Messenger, and iCloud from infected.

“Having access to a “cloud endpoint” means eavesdroppers can reach “far and above smartphone content”, allowing information about a target to “roll in” from multiple apps and services.

According to the Financial Time report, NSO denied promoting hacking or mass-surveillance tools for cloud services. However, it did not specifically deny that it had developed the capability described in the documents. 

How It Works

Newly updated spyware Pegasus can infect any mobile devices including, many of the latest Android and iPhone devices, also it gains access to the cloud data that uploaded from laptops, tablets, and phones.

Initially, an updated version of Pegasus Infect the target phone and clones the login credentials from the phone on to the servers that used to login and access the cloud data.

Later, it retrieves data including location and messages from the infected victim’s cloud that he/she uploaded from all of their connected devices in years.

The malware allows for open-ended access to the cloud data of those apps, without triggering additional security layers like “2-step verification or warning email on the target device.

“All the scraped data will eventually be used for surveillance operations and the spyware to be continuing its surveillance even if Pegasus removed from the initially targeted smartphone.” Financial Time learned from a sales pitch documents that shared by NSO Group to its customer.

“Amazon said it had found no evidence its corporate systems, including customer accounts, had been accessed by the software but said it would “continue to investigate and monitor the issue”.

Facebook said it was “reviewing these claims”. Microsoft said its technology was “continually evolving to provide the best protection to our customers” and urged users to “maintain a healthy device”, Financial Times reported.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity course online to keep yourself updated.

BALAJI is a Former Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Please enter your comment!
Please enter your name here