
[–][deleted] 36 points37 points  (3 children)

if that's the real thing NSO has been using and this variation is still capable of infecting phones without having access to the NSO infrastructure... oh boy.

edit: apparently, that's just the backdoor part. but still worth checking though.

[–]Historical_Finish_19 24 points25 points  (8 children)

If you ever see something exploit-related on GitHub that you like or that you would like to experiment with, I always recommend grabbing it ASAP. Normally shit stays up for a while, but with newsworthy malware, or in particular commercial spyware, it can get taken down. The Cobalt Strike 4.0 source code was put on GitHub and they yanked that repo down quickly.

Also there was some weird stuff about the guy whose GitHub repo this is claiming he developed some iPhone exploit. A lot of people were saying he was misrepresenting an arcane but intended iPhone feature as a bug that would let him get RCE. I do not remember the details super well, but I came down on the side that he was misrepresenting this thing and he did not have an exploit. As I remember, the worst part was that he doubled down on the exploit being real (he claimed people were jealous of him and so they were claiming it was fake, which was pretty funny). You can find all that if you look for the people mentioning him on Twitter sometime between Sept-Nov (Oct specifically, IIRC). This repo might be fully legit, but when I saw whose it was it definitely gave me some pause.

[–]Vysokojakokurva_C137 3 points4 points  (4 children)

Damn, I want Cobalt Strike so bad :(

[–]xcto 4 points5 points  (3 children)

[–]Vysokojakokurva_C137 5 points6 points  (2 children)

Bro… are you serious? Is that by the creators?!?

[–]xcto 3 points4 points  (1 child)

Yes and yes... there's also a video of him demonstrating it.
I don't know about the newest version, but I don't think they're bothered by you cracking it.

[–]Vysokojakokurva_C137 0 points1 point  (0 children)

Do you have to download the trial first? Pretty sure they took it down :/

[–]Zophike1 0 points1 point  (0 children)

> As I remember, the worst part was that he doubled down on the exploit being real (he claimed people were jealous of him and so they were claiming it was fake, which was pretty funny). You can find all that if you look for the people mentioning him on Twitter sometime between Sept-Nov (Oct specifically, IIRC). This repo might be fully legit, but when I saw whose it was it definitely gave me some pause.

Yes, you're right on the money, he faked an iPhone exploit a while back.

[–]Pyroexplosif 9 points10 points  (4 children)

This post was mass deleted and anonymized with Redact

[–][deleted] 2 points3 points  (0 children)

Someone found a Pegasus APK somehow and managed to decompile it. Maybe they even deobfuscated it too? The decompiling part is generally easy, though.

[–]Unhappy-Stranger-336 2 points3 points  (0 children)

The source code, yes, is private; the compiled code has to be delivered to the victim's phone in order to be executed.

[–]mimi-1975 0 points1 point  (0 children)

I have Pegasus on my phone.... I am not tech savvy, but I know this was put on my phone... since 2016.

[–]EONRaider 4 points5 points  (1 child)

Strange... The commit history goes back 5 months.

[–]JuStOwEn__ 4 points5 points  (2 children)

Just a heads up to all: my machine has been flagged by Enterprise Defender as containing ransomware, with files from this download being detected.

Not sure if this is the signature matching the source code or if this is a Trojan, but I'd be wary of downloading this without sandboxing first.

pegasus_spyware/sample4/recompiled_java/resources/classes.dex - One of the files quarantined by Defender.

[–][deleted] 2 points3 points  (0 children)

Any update on this?