Public warned of ‘spyware’ targeting unsuspecting mobile phone users

November 10, 2023 - 3:49 PM
Mobile phone vector
Image by pch.vector via Freepik

The police’s anti-cybercrime group warned the public about a type of spyware designed to “secretly collect information” from mobile phone devices.

In a post on November 1, the Philippine National Police Anti-Cybercrime Group (PNP-ACG) introduced a cyber-threat called the Pegasus Spyware targeting unsuspecting owners of Apple and Android phones.

“Pegasus spyware is [a] zero-click mobile surveillance software designed to infiltrate iOS and Android devices to secretly collect information,” the group said.

The cops explained that this spyware’s “method of transmission” is through phishing, a type of scam where victims are enticed into giving their personal or sensitive information.

RELATED: Phishing disguised as hacking: GCash advises users vs scam targeting e-wallet users 

“Initially, Pegasus spyware spreads through phishing attacks, infecting phones through text messages with malware links clicked. After your phone is infected with Pegasus, it saves your login credentials with an undetected keylogger, then sends your personal information—such as device location, text messages, and app usage data,” the police said.

This advisory came after the spate of government agencies’ internal systems being compromised and exposed to cybercriminals in the past weeks.

The hacking of services of the Philippine Health Insurance Corporation (PhilHealth) was the largest so far, covering 13 million data of the state insurers’ members and employees.

RELATED: Philippine email users’ security breached an average three times since 2004, global stat says 

It was also issued in time for the holiday season when Filipinos are set to receive their mandated 13th month pay.

To avoid Pegasus Spyware damage, the police offered the following tips:

  1. Never open links or download attachments contained in unknown or unsolicited messages.
  2. Download files from trusted and verifiable sources. Avoid “third-party application repositories or other dubious download sites.”
  3. Never download anything from unknown or untrusted websites.
  4. Use real-time virus protection and be sure to enable malware scanning for email attachments.
  5. Keep your operating system, your antivirus, and the apps you use up to date.
  6. Schedule your antivirus to run regular scans.

In December last year, the PNP-ACG also warned the public about a fake cryptocurrency mobile application that scammers use to steal the Christmas bonuses and incentives of potential victims.

Under this modus operandi, scammers will lure their victims to invest their hard-earned money in this “fake” crypto app until such time that the investors can no longer withdraw their money.

READ: PNP-ACG warns public about fake crypto app targeting Christmas bonus recipients