Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International.
According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists.
Now though, cybercriminals have created a fake website impersonating the official site of Amnesty International which provides an antivirus tool that they claim can be used to protect against Pegasus.
- We've built a list of the best endpoint protection software around
- These are the best VPN services for protecting your privacy online
- Keep your devices virus free with the best malware removal software
While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.
Sarwent malware
The Sarwent malware can create a backdoor on a victim's system but it can also activate remote desktop protocol which would allow an attacker to access a user's desktop directly.
Due to the recent headlines regarding the Pegasus spyware, Cisco Talos believes that this campaign has the potential to infect many users. In fact, Apple also recently pushed out a security update for iOS that patched a vulnerability attackers had been exploiting to install Pegasus which led to even more people becoming aware of the spyware's existence.
Sarwent differs from other information stealers due to the fact that it has a look and feel similar to other antivirus software. It can exfiltrate any kind of data from a victim's computer but it also provides an attacker with the means to upload and execute other malicious tools as well.
Thankfully though, Cisco Talos has not yet observed any malicious advertisements or phishing campaigns being used to promote the fake Amnesty International website that distributes Sarwent. Still though, users should be on the lookout for the “Amnesty Anti Pegasus” software called “AVPegasus” and as always, they should avoid downloading and installing software from unknown sources online.
- We've also highlighted the best antivirus
