This malware pretends to be Amnesty International protection from Pegasus

Antivirus Software
(Image credit: Shutterstock)

Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International.

According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists.

Now though, cybercriminals have created a fake website impersonating the official site of Amnesty International which provides an antivirus tool that they claim can be used to protect against Pegasus. 

While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.

Sarwent malware

The Sarwent malware can create a backdoor on a victim's system but it can also activate remote desktop protocol which would allow an attacker to access a user's desktop directly. 

Due to the recent headlines regarding the Pegasus spyware, Cisco Talos believes that this campaign has the potential to infect many users. In fact, Apple also recently pushed out a security update for iOS that patched a vulnerability attackers had been exploiting to install Pegasus which led to even more people becoming aware of the spyware's existence.

Sarwent differs from other information stealers due to the fact that it has a look and feel similar to other antivirus software. It can exfiltrate any kind of data from a victim's computer but it also provides an attacker with the means to upload and execute other malicious tools as well.

Thankfully though, Cisco Talos has not yet observed any malicious advertisements or phishing campaigns being used to promote the fake Amnesty International website that distributes Sarwent. Still though, users should be on the lookout for the “Amnesty Anti Pegasus” software called “AVPegasus” and as always, they should avoid downloading and installing software from unknown sources online.

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.