“Colleagues of slain Javier Valdez Cárdenas, known for investigating drug cartels, were targeted just days after his death. Of six messages analyzed (though more were received), several contained links shortened with bit.ly that ultimately pointed to known exploit URLs, while others included links directly containing previously-identified NSO Group exploit domains. ‘Based on prior Citizen Lab analysis of NSO Group exploit servers, we conclude that clicking on any of the links would have resulted in the silent infection of the device with Pegasus spyware,’ Citizen Lab said. Overall, Citizen Lab and its Mexican collaborators have previously disclosed 22 targets of Pegasus in Mexico, so the total now stands at 24.
Pegasus contains a host of spy features, which can be used to infect the user’s smartphone, track keystrokes, take control of the phone’s camera and microphone, and access contact lists. ‘As for surveillance, let’s be clear: We’re talking total surveillance,’ Kaspersky Lab said in a 2017 overview of the spyware. ‘Pegasus is modular malware. After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth. Basically, it can spy on every aspect of the target’s life. It’s also noteworthy that Pegasus could even listen to encrypted audio streams and read encrypted messages — thanks to its keylogging and audio recording capabilities, it was stealing messages before they were encrypted (and, for incoming messages, after decryption).’ Pegasus was developed by Israel-based NSO Group, which has long been suspected to be part of an ethically grey-scaled world of cyber-arms/defense-dealing that also includes groups like FinFisher, Hacking Team, Vupen and Zerodium.”