WhatsApp confirms: Israeli spyware was used to snoop on Indian journalists

The Pegasus Method

To monitor a target, a Pegasus operator must convince a target to click on a specially crafted ‘exploit link’ which allows the operator to penetrate security features on the phone and installs Pegasus without the user’s knowledge or permission. Once the phone is exploited and Pegasus installed, it begins contacting the operator’s command and control servers to receive and execute operator commands, and send back the target’s private data, including passwords, contact lists, calendar events, text messages, and live voice calls from popular mobile messaging apps. The operator can even turn on the phone’s camera and microphone to capture activity in the phone’s vicinity. In the latest vulnerability, the subject of the lawsuit, clicking the ‘exploit link’ may also not be required and a missed video call on WhatsApp will have enabled opening up the phone, without a response from the target at all.