fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Pegasus iPhone Hacks Used as Lure in Extortion Scheme

Pegasus iPhone Hacks Used as Lure in Extortion Scheme

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand.

Last month, Amnesty International and non-profit project Forbidden Stories revealed that the Pegasus spyware was installed on fully updated iPhones through a zero-day zero-click iMessage vulnerability.

A zero-click vulnerability is a bug that can be exploited on a device without any interaction by the user. For example, if just visiting a website or receiving a message could exploit a vulnerability, this would be considered a zero-click hack.

It is believed that governments used this software to monitor the communication of politicians, journalists, human rights activists, and business executives worldwide.

Also Read: Got A Notice of Data Breach? Don’t Panic!

Capitalizing on Pegasus spyware fears

This week, a threat actor began emailing recipients, telling them that their iPhone device was hacked with a ‘zero-click’ vulnerability to install the Pegasus spyware software.

The scammer says that they have been using Pegasus to monitor the recipient’s activities and have created videos of them during “the most private moments” of their lives.

The email warns that if a 0.035 bitcoin (approximately $1,600) payment is not paid, the threat actors will send the videos to the recipient’s family, friends, and business associates.

You can read the full text of this email below.

“Hi there
Hello, I’m going to share important information with you.

Have you heard about Pegasus?
You have become a collateral victim. It’s very important that you read the information below.

Your phone was penetrated with a “zero-click” attack, meaning you didn’t even need to click on a malicious link for your phone to be infected.
Pegasus is a malware that infects iPhones and Android devices and enables operators of the tool to extract messages, photos and emails,
record calls and secretly activate cameras or microphones, and read the contents of encrypted messaging apps such as WhatsApp, Facebook, Telegram and Signal.

Basically, it can spy on every aspect of your life. That’s precisely what it did.
I am a blackhat hacker and do this for a living. Unfortunately you are my victim. Please read on.

As you understand, I have used the malware capabilities to spy on you and harvested datas of your private life.

My only goal is to make money and I have perfect leverage for this.
As you can imagine in your worst dream, I have videos of you exposed during the most private moments of your life, when you are not expecting it.

I personally have no interest in them, but there are public websites that have perverts loving that content.
As I said, I only do this to make money and not trying to destroy your life. But if necessary, I will publish the videos.
If this is not enough for you, I will make sure your contacts, friends, business associates and everybody you know see those videos as well.

Here is the deal. I will delete the files after I receive 0.035 Bitcoin (about 1600 US Dollars).
You need to send that amount here bc1q7g8ny0p95pkuag0gay2lyl3m0emk65v5ug9uy7

I will also clear your device from malware, and you keep living your life.
Otherwise, shit will happen.

The fee is non negotiable, to be transferred within 2 business days.

Obviously do not try to ask for any help from anybody unless you want your privacy to be violated.
I will monitor your every move until I get paid. If you keep your end of the agreement, you won’t hear from me ever again.

Take care.”

Thankfully, there have been no payments to the bitcoin address listed in the sample email seen by BleepingComputer. However, other cryptocurrency addresses may be used as part of this scam.

Also Read: A Review of PDPC Undertakings July 2021 Cases

You may be thinking that nobody would fall for this scam, but similar schemes have generated over $50,000 in a week in the past.

While receiving these types of emails can be anxiety-provoking, always remember that they are scams, and you should just mark them as spam and delete the email.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us