A recent report has revealed how an Israeli man has supposedly tried to trade a notorious iPhone malware in exchange for $50 million worth of different cryptocurrencies. Whilst the deal did not succeed, the incident has highlighted the potentially disastrous effects such software could have if it falls into the wrong hands.
The man, a 38-year-old engineer from the coastal city of Netanya in Israel, was working for the cybersecurity firm NSO when this incident took place. The engineer, who was a lead programmer at the company, supposedly grew disgruntled as he was set to lose his job following a violation of the company’s policy.
This seems to have been the man’s motivation for attempting to sell the top-secret malware to non-government entities.
Following a pre-termination hearing, the Israeli man was allowed to return to his workstation where he connected a storage drive to his computer and accessed the firm’s service to download source code and other data needed to create a black market variant of Pegasus.
Pegasus is spy software that can be installed on Apple devices running iOS. Pegasus can covertly gather vast amounts of information from iOS devices, including location, calls, passwords, text messages and information from apps.
In addition to this, Pegasus can be installed simply through sending a text message with a hyperlink, which installs the spyware if the unsuspecting user clicks on the link.
Apple has supposedly patched this vulnerability through iOS 9.3.5, however, devices running older software would still be susceptible to it. Furthermore, it is unknown whether NSO may have tweaked the spyware to function on devices running newer versions of iOS as well.
Nonetheless, the engineer intended to sell this black market version of Pegasus over the dark web in exchange for $50 million worth of untraceable cryptocurrency, including Zcash, Monero, and Verge.
Nonetheless, this never came to be, as a prospective buyer grew increasingly doubtful and finally contacted NSO to inform them that their software was being offered for sale.
Israeli cyber crime police later arrested the man on the charge of, amongst others, ”jeopardizing the country’s security”. NSO has since stressed that Pegasus has not leaked to the public domain following this theft, and neither has any other confidential information.
The spyware is reportedly intended to help governments ”combat terror and crime” – however, if it were to fall into the wrong hands, it could do exactly the opposite.
Moreover, the fact that the Israeli man requested payment in cryptocurrencies is hardly surprising, due to the privacy aspects touted by Zcash and its ilk. Although this story ended on a positive note with the apprehension of the man, it is unlikely that this will be the last story we hear involving criminals and cryptocurrency.
Image Source: “Flickr”