Remember how WhatsApp discovered a vulnerability that allowed spyware known as Pegasus to be injected into a phone via a voice calls? It’s been discovered that Pegasus is now capable of stealing user data from other accounts that are logged in on the affected phone.
According to a report by the Financial Times, once the spyware has managed to make its way into the victim’s phone, Pegasus would then be able to access and obtain data from accounts that include Apple, Facebook, Microsoft, and Google cloud services, to name a few.
This new capability is a visible upgrade over the previous version of the spyware, which was only capable of harvesting data directly from the phone’s storage.
Pegasus is a spyware that was developed by the Israeli firm known as NSO Group; the firm has a nefarious reputation for developing and selling such data gathering tools to governments and intelligence agencies, both at home and abroad.
Unsurprisingly, NSO Group has denied any and all accusations about its promotion of mass surveillance tools. Stating that its software are used by responsible governements. However, the firm never denied that Pegasus is capable of extracting data from other accounts.
On another surprising note, Financial Time did point out that there is a fix to prevent Pegasus from accessing your device; all you need to do is to change the app’s password.