/pegasus_spyware

decompiled pegasus_spyware

Primary LanguageSmaliMIT LicenseMIT

Pegasus Spyware Samples Decompiled & Recompiled

Pegasus Spyware Product Manual 2013

Author: Jonathan Scott @jonathandata1

CURRENT VERSION 4.0

About Jonathan Scott

My name is Jonathan Scott, and I'm an American Security Researcher. I am currently a computer science PhD student at North Central University. My research focus is mobile spyware. I have been a mobile security engineer for ~13 years.

I was recently assigned an LVE from LG that affects all LG mobile devices in the world. I discovered a backdoor in all LG Mobile Devices that allows the attacker to live inside your device undetected. This has been built into the MTK chipsets since the 1st LG Smart Mobile Device (Cellphones and Tablets).

LVE-SMP-210010 source: https://lgsecurity.lge.com/bulletins/mobile#updateDetails PEGASUS SPYWARE 5.1

Description:

Operating System: AndroidOS

Samples 1-5.1 are executable and functional. I am still working on cleaning up Sample #6, but most the XML data can be read.

Steps To Install & Research The Spyware Samples

  1. Enable ADB on your android
  2. Disable Android Protect
  3. adb install sample#.apk
  4. launch the apk, example adb shell am start com.xxGameAssistant.pao/.SplashActivity

Update: Sample 5.1

This sample can be installed as a standalone apk, but you will need to uninstall sample 5.

adb uninstall com.network.android

Sample 5.1 is also called com.network.android

Samples Included

Sample # Hash
Sample 1 d257cfde7599f4e20ee08a62053e6b3b936c87d373e6805f0e0c65f1d39ec320
Sample 2 cc9517aafb58279091ac17533293edc1
Sample 3 bd8cda80aaee3e4a17e9967a1c062ac5c8e4aefd7eaa3362f54044c2c94db52a
Sample 4 144778790d4a43a1d93dff6b660a6acb3a6d37a19e6a6f0a6bf1ef47e919648e
Sample 5 7c3ad8fec33465fed6563bbfabb5b13d
Sample 5.1 3474625e63d0893fc8f83034e835472d95195254e1e4bdf99153b7c74eb44d86
Sample 6 530b4f4d139f3ef987d661b2a9f74f5f
Product Manual 2013 f6f0170d41075766b5ea18508453fa68dc946b8c58eaea4281b36207a32c7ade

Acknowledgements

@vxunderground for providing the samples

@recordedfuture for sample validation

@botherder Claudio Guarnieri - (Head of Security Lab at Amnesty International) - 2013 Product Manual

PEGASUS SPYWARE 5.1

Product Manual: 2013 Edition

Author: Guy Molho - Former NSO Director, Product Management

Document Hash: f6f0170d41075766b5ea18508453fa68dc946b8c58eaea4281b36207a32c7ade https://www.virustotal.com/gui/file/f6f0170d41075766b5ea18508453fa68dc946b8c58eaea4281b36207a32c7ade

Author Validation:

exiftool 2013-NSO-Pegasus.pdf Creator Tool : Adobe Acrobat 8.0 Combine Files Create Date : 2013:12:23 14:53:39-06:00 Metadata Date : 2013:12:23 14:53:39-06:00 Producer : Adobe Acrobat 8.0 Creator : Guy Molho Format : application/pdf

PEGASUS SPYWARE User Manual

PEGASUS SPYWARE RAW DECOMPILED