Pegasus for iOS

Pegasus for iOS is the iOS version of malware that has reportedly been linked to the NSO Group. It has been advertised and sold to target high-value victims. [1] [2] The Android version is tracked separately under Pegasus for Android.

ID: S0289
Type: MALWARE
Platforms: iOS
Version: 1.1

Techniques Used

Domain | ID    | Name                                           | Use
Mobile | T1433 | Access Call Log                                | Pegasus for iOS captures call logs. [1]
Mobile | T1432 | Access Contact List                            | Pegasus for iOS gathers contacts from the system by dumping the victim's address book. [1]
Mobile | T1409 | Access Sensitive Data or Credentials in Files  | Pegasus for iOS accesses sensitive data in files, such as saving Skype calls by reading them out of the Skype database files. [1]
Mobile | T1438 | Alternate Network Mediums                      | Pegasus for iOS uses SMS for command and control. [1]
Mobile | T1412 | Capture SMS Messages                           | Pegasus for iOS captures SMS messages that the victim sends or receives. [1]
Mobile | T1456 | Drive-by Compromise                            | Pegasus for iOS was distributed through a web site by exploiting vulnerabilities in the Safari web browser on iOS devices. [1]
Mobile | T1404 | Exploit OS Vulnerability                       | Pegasus for iOS exploits iOS vulnerabilities to escalate privileges. [1]
Mobile | T1477 | Exploit via Radio Interfaces                   | Pegasus for iOS was delivered via an SMS message containing a link to a web site with malicious code. [2]
Mobile | T1430 | Location Tracking                              | Pegasus for iOS updates and sends the location of the phone. [1]
Mobile | T1429 | Microphone or Camera Recordings                | Pegasus for iOS has the ability to record audio. [1]
Mobile | T1400 | Modify System Partition                        | Pegasus for iOS modifies the system partition to maintain persistence. [1]
Mobile | T1426 | System Information Discovery                   | Pegasus for iOS monitors the status of the victim device and disables access to the phone by other jailbreaking software. [1]
Mobile | T1422 | System Network Configuration Discovery         | Pegasus for iOS monitors the connection state and tracks which types of networks the phone is connected to, potentially to determine the available bandwidth and whether full data can be sent across the network. [1]

References