Pegasus iPhone hacks used as lure in extortion scheme

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand.

Last month, Amnesty International and non-profit project Forbidden Stories revealed that the Pegasus spyware was installed on fully updated iPhones through a zero-day zero-click iMessage vulnerability.

A zero-click vulnerability is a bug that can be exploited on a device without any interaction by the user. For example, if just visiting a website or receiving a message could exploit a vulnerability, this would be considered a zero-click hack.

It is believed that governments used this software to monitor the communication of politicians, journalists, human rights activists, and business executives worldwide.

Capitalizing on Pegasus spyware fears

This week, a threat actor began emailing recipients, telling them that their iPhone device was hacked with a ‘zero-click’ vulnerability to install the Pegasus spyware software.

The scammer says that they have been using Pegasus to monitor the recipient’s activities and have created videos of them during “the most private moments” of their lives.

The email warns that if a 0.035 bitcoin (approximately $1,600) payment is not paid, the threat actors will send the videos to the recipient’s family, friends, and business associates.

You can read the full text of this email below.

“Hi there

Hello, I’m going to share important information with you.

Have you heard about Pegasus?

You have become a collateral victim. It’s very important that you read the information below.

Your phone was penetrated with a “zero-click” attack, meaning you didn’t even need to click on a malicious link for your phone to be infected.

Pegasus is a malware that infects iPhones and Android devices and enables operators of the tool to extract messages, photos and emails,

record calls and secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Facebook, Telegram and Signal.

Basically, it can spy on every aspect of your life. That’s precisely what it did.

I am a blackhat hacker and do this for a living. Unfortunately you are my victim. Please read on.

As you understand, I have used the malware capabilities to spy on you and harvested datas of your private life.

My only goal is to make money and I have perfect leverage for this.

As you can imagine in your worst dream, I have videos of you exposed during the most private moments of your life, when you are not expecting it.

I personally have no interest in them, but there are public websites that have perverts loving that content.

As I said, I only do this to make money and not trying to destroy your life. But if necessary, I will publish the videos.

If this is not enough for you, I will make sure your contacts, friends, business associates and everybody you know see those videos as well.

Here is the deal. I will delete the files after I receive 0.035 Bitcoin (about 1600 US Dollars).

You need to send that amount here bc1q7g8ny0p95pkuag0gay2lyl3m0emk65v5ug9uy7

I will also clear your device from malware, and you keep living your life.

Otherwise, shit will happen.

The fee is non negotiable, to be transferred within 2 business days.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.

I will monitor your every move until I get paid. If you keep your end of the agreement, you won’t hear from me ever again.

Take care.”

Thankfully, there have been no payments to the bitcoin address listed in the sample email seen by BleepingComputer. However, other cryptocurrency addresses may be used as part of this scam.

You may be thinking that nobody would fall for this scam, but similar schemes have generated over $50,000 in a week in the past.

While receiving these types of emails can be anxiety-provoking, always remember that they are scams, and you should just mark them as spam and delete the email.