In May 2019, WhatsApp identified a bug in its call function. The bug was used to install a malicious code into users’ phones On October 29, it identified the malicious code as Pegasus, a spyware developed by an Israeli company called NSO.
The code is transmitted by calling the target phone on WhatsApp. It enters the phone even if the call is not answered. This is only one of the ways of delivering Pegasus.
Once installed, it can send the target’s contacts, calendar events, phone calls and messages on communication apps like WhatsApp and Telegram to the spyware’s controller. It can also turn the phone into a spying device by switching on its camera or microphone.
Over 100 human-rights activists, lawyers, and journalists were targeted across the globe including several lawyers and journalists in India.
Apple’s iOS security update 9.3.5 takes care of the vulnerability exploited by Pegasus. Google says it identifies infected Android phones, disables the malware and informs the targets. Meanwhile, WhatsApp and its parent company Facebook have sued NSO in a U.S. court.