Pegasus

Pegasus was discovered in 2016. It is developed by Israeli cyber-arms company NSO. Pegasus is targeting smartphones and is capable of reading text messages, tracking calls, collecting passwords, location tracking, accessing the device's microphone and camera, and collecting information from apps. NSO stated that the spyware is intended to be used to combat terror and crime. However, many countries bought it to spy on those critical to the regime in the given location including activists, human rights defenders, journalists and even politicians. Up until 2019, some kind of interaction was needed from the user in order to install Pegasus, like clicking a link or opening a document. The last years have brought the zero-click exploit, meaning that the software can be installed with a missed call or a message; the record of the call can be canceled and there can be no notification for the message, meaning that the user doesn't even realize something is happening. Countries including Hungary, India, and even Saudi Arabia have bought it.

A consortium of 17 media organizations investigated Pegasus and released a list of 50000 phone numbers that could be possible surveillance or interesting targets for NSO since 2016; not everyone of them has been checked for traces but of the 67 examined in 2021, 37 turned out to have traces of Pegasus. The consortium also identified at least 1o governments who where entering numbers into a system: Azarbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India and United Arab Emirates.

An article from April 2023 states that an Indian defence agency bought spyware from Cognyte Software Ltd, which is seen as a Pegasus alternative. Cognyte collects information on, among others, journalists and critics of authoritarian regimes without their knowledge.

NSO has faced legal issues and heavy criticism by Microsoft, Meta, Alphabet, Cisco and Apple. Meta is pursuing a spyware lawsuit against Pegasus, accused of expoliting a bug in WhatsApp to install spy software allowing surveillance of 1400 people.

Amnesty International has developed a guide to check for traces of Pegasus on phones and a Mobile Verification Toolkit (MVT) to automatize the process.