Fraudsters are posing as human rights group Amnesty International to trick individuals into downloading malicious software, researchers at Cisco’s threat intelligence unit Talos report.
Masquerading as the human rights group, hackers registered multiple domains using variations on the Amnesty name to advertise a demo for “Amnesty Anti Pegasus” software that could allegedly scan devices for the NSO Group spyware, which Amnesty has closely examined. The malware had a realistic-looking “Anti Pegasus” user interface. In fact, victims downloaded Sarwent, a malicious software that gives attackers a backdoor to a victim’s machine.
The campaign preys on growing concerns around the threat of spyware. Human rights advocates have long criticized the NSO Group for the use of its technology by governments to spy on activists, dissidents and journalists. A sweeping July report by Amnesty International and partners revealed that the spyware was using a vulnerability in the previous version of iOS to target more than three dozen victims. Apple patched against the vulnerabilities in September.