In most cases malware is associated with theft. From keyloggers that collect passwords and credit card details to sophisticated tools for breaking into secure company networks, malware has many uses – mostly for committing crime.

However, a new use has emerged in recent months – citizen surveillance.

Political activists and journalists under investigation

Messaging provider WhatsApp has contacted approximately 50 Indian account holders to advise they had been compromised. Each person’s phone had been infected by Pegasus spyware.

There are two things to note about this incident. First, Pegasus Spyware is a commercial product from Israeli security specialists NSO Group. Unlike malware, Pegasus does not spread itself; every installation is carefully targeted at specific individuals.

Second, use of Pegasus is restricted to government and law enforcement officials for the purposes of detecting and preventing crime and terrorism. NSO claim that every customer is carefully vetted to ensure use of Pegasus is ethical and legal.

The WhatsApp announcement suggests that NSO claims are not strictly true however. None of the users identified appear to be under investigation for any kind of crime – all were found to be journalists or political activists who speak in opposition to the current government in India.

Spyware gets political

The implication is that the Indian government is now using spyware to monitor their opponents and to track dissidents. The deliberate infection of smartphones is undoubtedly an invasion of privacy – but it could also be seen as an attempt to stifle free speech and political opposition in India.

The discovery of Pegasus spyware on phones belonging to non-criminals is not restricted to India either. Security specialists from The Citizen Lab believe that the Saudi Arabian government also used Pegasus to monitor the communications of the assassinated journalist Jamal Khashoggi.

Further analysis suggests at least six countries are using Pegasus to target civil society. In addition to Saudi Arabia, the report names Bahrain, Kazakhstan, Mexico, Morocco and United Arab Emirates are all committing potential human rights abuses uses mobile spyware.

Expensive and targeted

The technology behind Pegasus is top secret – and NSO Group charge a small fortune for every device they infect. NGO’ claims that use of their spyware is tightly controlled seem to be less than true; it appears that the ethical ‘safeguards’ used by NGO are far less effective than claimed.

The chances of the general public being affected by Pegasus remain relatively small – but it appears that mobile spyware may become an important tool for controlling populations of authoritarian regimes. With personal data, privacy and human right under threat, it has never been more important to install mobile anti-malware on your smartphone.

You can start by downloading Panda Free Antivirus here.

Download your Antivirus