According to an investigative journalist team, the Israeli authors of the infamous Pegasus mobile spyware, NSO Group, have been using a spoofed Facebook login page, crafted to look like an internal Facebook security team portal, to lure victims in.
The news comes as Facebook alleges that NSO Group has been using U.S.-based infrastructure to launch espionage attacks. Both issues are relevant to Facebook’s quest to hold NSO accountable under U.S. laws (specifically the Computer Fraud and Abuse Act) for a spate of WhatsApp hacks that came to light last year.
Pegasus, which infects both Android and Apple smartphones, contains a host of spy features. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history and contacts and carry out other surveillance tasks as needed.