Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International.
According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware, which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists.
Now though, cybercriminals have created a fake website that impersonates the official site of Amnesty International and offers an antivirus tool that they claim can be used to protect against Pegasus.
While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.
Sarwent malware
The Sarwent malware can create a backdoor on a victim's system, but it can also activate Remote Desktop Protocol (RDP), which would allow an attacker to access a user's desktop directly.
Due to the recent headlines regarding the Pegasus spyware, Cisco Talos believes that this campaign has the potential to infect many users. In fact, Apple also recently pushed out a security update for iOS that patched a vulnerability attackers had been exploiting to install Pegasus, which led to even more people becoming aware of the spyware's existence.
Sarwent differs from other information stealers in that it has a look and feel similar to antivirus software. It can exfiltrate any kind of data from a victim's computer, and it also gives an attacker the means to upload and execute other malicious tools.
Thankfully though, Cisco Talos has not yet observed any malicious advertisements or phishing campaigns being used to promote the fake Amnesty International website that distributes Sarwent. Still, users should be on the lookout for the “Amnesty Anti Pegasus” software called “AVPegasus” and, as always, they should avoid downloading and installing software from unknown sources online.