Despite the many complaints in recent years, the use of spyware by government agencies to monitor network activity remains strong. A new analysis of the Citizen Lab, a Canadian research laboratory specializing in privacy, detected the activities of Pegasus, one of the most dangerous spy viruses for Android and iOS, on smartphones spread across 45 countries in the past two years - including even Brazil on the list.

Pegasus is developed by the Israeli company NSO Group. The company creates monitoring tools that, like spyware, are able to breach the security of iPhones and Androids and access everything: network and location details to emails and social network accounts. Victims receive malicious links via email or message in classic phishing attacks. One click is enough for the virus to install itself through a breach in the operating system.


Bad record

Spyware was first detected by researchers at the Citizen Lab itself, in a joint survey with security company Lookout in 2016. An attack with the virus was directed at human rights activist Ahmed Mansoor in the United Arab Emirates.

At the time, the study also pointed to his presence on devices in Mexico, Israel, Turkey and a few other countries at the time - always with suspicion of political use. The company is known to have closed contracts with the Mexican and Panamanian governments.

The new findings

The new analysis greatly increases the range of regions in which the virus was active. In the last two years, from August 2016 - when the first survey was released - until last month, traces of the Pegasus appeared on 1.091 IP addresses over the web.

They were maintained by at least 36 different operators in 45 countries. Six of them have a history of abuse of the tool for human rights violations, and the laboratory also reinforces that there is evidence of its use on targets involved in political issues.

Here in Brazil, Pegasus' activities have continued since June 2017. The spyware control officer is an operator in Asia, identified by the Citizen Lab as Ganges, who also operates in Bangladesh, India, Pakistan and Hong Kong using the same political-themed address.

The number of infected, however, was not disclosed in the analysis. But the way to prevent infections is always the same: always be wary of links received by e-mail and messages, even if it is from an apparent acquaintance.