Beware of Fake Amnesty International Antivirus for Pegasus that Hacks PCs with Malware

In yet another indicator of how hacking groups are quick to capitalize on world events and improvise their attack campaigns for maximum impact, threat actors have been discovered impersonating Amnesty International to distribute malware that purports to be security software designed to safeguard against NSO Group's Pegasus surveillanceware.

"Adversaries have set up a phony website that looks like Amnesty International's — a human rights-focused non-governmental organization — and points to a promised antivirus tool to protect against the NSO Group's Pegasus tool," Cisco Talos researchers said. "However, the download actually installs the little-known Sarwent malware."

The countries most affected by the campaign include the U.K., the U.S., Russia, India, Ukraine, Czech Republic, Romania, and Colombia. While it's unclear as to how the victims are lured into visiting the fake Amnesty International website, the cybersecurity firm surmised the attacks could be aimed at users who may be specifically searching for protection against this threat.

The development comes on the heels of an explosive investigation in July 2021 that revealed widespread abuse of the Israeli company's Pegasus "military-grade spyware" to facilitate human rights violations by surveilling heads of state, activists, journalists, and lawyers around the world. The NGO has since also released a Mobile Verification Toolkit (MVT) to help individuals scan their iPhone and Android devices for evidence of compromise.

Continue reading here