https://www.vice.com/en_us/article/qj4p3w/nso-group-hack-fake-facebook-domain
By Joseph Cox
Vice.com
May 20 2020

Infamous Israeli surveillance firm NSO Group created a web domain that looked
as if it belonged to Facebook's security team to entice targets to click on
links that would install the company's powerful cell phone hacking technology,
according to data analyzed by Motherboard.

It is not uncommon for hackers working for governments to impersonate Facebook,
perhaps with a phishing page that displays a Facebook login screen but which
secretly steals a target's password. But NSO's approach complicates its ongoing
conflict with the tech giant. NSO is currently embroiled in a lawsuit with
Facebook, which is suing the surveillance firm for leveraging a vulnerability
in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found
more evidence that NSO used infrastructure based in the United States; a server
used by NSO's system to deliver malware was owned by Amazon.

A former NSO employee provided Motherboard with the IP address of a server
set up to infect phones with NSO's Pegasus hacking tool. Motherboard granted the
source anonymity to protect them from retaliation from the company. Pegasus can
target modern iPhone and Android devices, and once installed on a device it can
steal text and social media messages, track the GPS location of the phone, and
remotely turn on the camera and microphone. NSO sells Pegasus in either 0- or
1-click versions, with the former needing no interaction from the target, and
the latter requiring the target to click a link.
[...]