Is Pegasus spyware targeting journalists in India?
The Hindu
Amnesty International's Security Lab found traces of Pegasus spyware on the phones of two journalists in India, following Apple's security notification in October.
The story so far: The Washington Post and human rights non-profit Amnesty International have alleged that the spyware known as Pegasus continues to be in use, on this occasion targeting journalists in India. Based on newfound data from the latter organisation’s Security Lab, the two organisations have said the phones of the founding editor of the online news portal The Wire, Siddharth Varadarajan, and the South Asia editor of the Organised Crime and Corruption Report Project (OCCRP), Anand Mangnale, were infected with the spyware. The alleged incursion was identified in October 2023 following a forensic analysis, and after phone-maker Apple had issued security notifications to its users, including certain Members of Parliament, that their iPhones were being targeted by “state-sponsored attackers”.
After Apple issued a security notification to certain iPhone users, including MPs, in October, researchers at Amnesty International’s Security Lab analysed the allegedly infected devices, including those belonging to Mr. Varadarajan and Mr. Mangnale. At the end of their examination, they reported finding traces of Pegasus’s activity on their respective devices.
Security Lab concluded that a message to facilitate a “zero-click exploit” had been sent to Mr. Mangnale’s iPhone over the iMessage app on August 23. (iMessage is an iPhone app to send/receive SMSes as well as chat with other iPhone users.) Once received, the message was designed to covertly install Pegasus on the device.
“The attempted targeting of Anand Mangnale’s phone happened at a time when he was working on a story about an alleged stock manipulation by a large multinational conglomerate in India,” an Amnesty report stated.
Mr. Varadarajan was allegedly targeted with Pegasus on October 16. According to Amnesty researchers’ analysis, the attacker had used the same email address to target both Mr. Varadarajan and Mr. Mangnale: natalymarinova@proton.me.
What is a zero-click exploit?
A zero-click exploit is malicious software that allows spyware to be installed on a device without the device owner’s consent. More importantly, it doesn’t require the device owner to perform any action to initiate or complete the installation. By comparison, regular apps may require a user to click ‘install’, ‘confirm’, etc. to complete an installation.