NSO Group impersonates Facebook to spread spyware
NSO Group impersonates Facebook to spread spyware

A motherboard survey showed that NSO Group, the developer of the popular Pegasus spyware, is using a phishing login page on Facebook because the page is supposed to be used as an internal portal for the Facebook security team to attract victims.

When the news was released, Facebook claimed that the NSO Group was using the U.S. infrastructure to launch spy attacks. The two cases were linked to a NSO group's claim to Facebook last year due to a series of WhatsApp message attacks under U.S. law.

Spyware (Pegasus) that infects Android and iPhone phones includes a number of spyware features that allow users to read messages and emails, listen to calls, capture screenshots, record important movements, extract browsing history and contacts, and perform monitoring tasks Other if necessary.

According to the report, a former employee of the NSO Group provided an Internet Protocol (IP) address to configure servers to infect mobile phones with hacking tools (Pegasus). The former employee said: The IP address mentioned in the report is associated with Pegasus with one click. a.

The motherboard examined several DomainTools and Network Security Services (RiskIQ) negative databases, which displayed the web domains to which IP addresses were linked at different times.

The report said: "Internet Protocol (IP) addresses were associated with 10 domains in 2015 and 2016, and it appears that some domains are not harmful, such as unsubscribing from emails or following emails. - Sending FedEx mail and one of which has become a team name Facebook security. "

According to WHOIS documents, trademark protection company MarkMonitor received a domain name associated with fraud at the end of 2016. The company purchased a misleading domain name for the Facebook security team, and Facebook acquired the same domain name after two months to prevent others from using it. Offense.

The social media giant has reportedly recently taken legal action against Namecheap and Whoisguard to register over 45 domain names that mimic Facebook and its services.


Previous Post Next Post