Select Page

Three dozen journalists working for Al Jazeera had their iPhones stealthily compromised via a zero-click exploit to install spyware as part of a Middle East cyberespionage campaign.

In a new report published yesterday by University of Toronto’s Citizen Lab, researchers said personal phones of 36 journalists, producers, anchors, and executives at Al Jazeera, and a journalist at London-based Al Araby TV were infected with Pegasus malware via a now-fixed flaw in Apple’s iMessage.

Pegasus is developed by Israeli private intelligence firm NSO Group and allows an attacker to access sensitive data stored on a target device — all without the victim’s knowledge.


“The shift towards zero-click attacks by an industry and customers already steeped in secrecy increases the likelihood of abuse going undetected,” the researchers said.

“It is more challenging […] to track these zero-click attacks because targets may not notice anything suspicious on their phone. Even if they do observe something like ‘weird’ call behaviour, the event may be transient and not leave any traces on the device.”

images from Hacker News