NSO Group Impersonated Facebook to Help Clients Hack Targets

[InfoSec News <alerts () infosecnews org>]

https://www.vice.com/en_us/article/qj4p3w/nso-group-hack-fake-facebook-domain

By Joseph Cox
Vice.com
May 20 2020

Infamous Israeli surveillance firm NSO Group created a web domain that looked 
as if it belonged to Facebook's security team to entice targets to click on 
links that would install the company's powerful cell phone hacking technology, 
according to data analyzed by Motherboard.

It is not uncommon for hackers working for governments to impersonate Facebook, 
perhaps with a phishing page that displays a Facebook login screen but which 
secretly steals a target's password. But NSO's approach complicates its ongoing 
conflict with the tech giant. NSO is currently embroiled in a lawsuit with 
Facebook, which is suing the surveillance firm for leveraging a vulnerability 
in WhatsApp to let NSO clients remotely hack phones. Motherboard has also found 
more evidence that NSO used infrastructure based in the United States; a server 
used by NSO's system to deliver malware was owned by Amazon.

A former NSO employee provided Motherboard with the IP address of a server 
setup to infect phones with NSO's Pegasus hacking tool. Motherboard granted the 
source anonymity to protect them from retaliation from the company. Pegasus can 
target modern iPhone and Android devices, and once installed on a device it can 
steal text and social media messages, track the GPS location of the phone, and 
remotely turn on the camera and microphone. NSO sells Pegasus in either 0- or 
1-click versions, with the former needing no interaction from the target, and 
the latter requiring the target to click a link.

[...]



--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_