This malware pretends to be Amnesty International protection from Pegasus
Amnesty Anti Pegasus antivirus software is actually the Sarwent malware
Security researchers from Cisco Talos have discovered a new malware campaign in which cybercriminals are impersonating the human rights group Amnesty International.
According to a new blog post, the campaign is targeting those concerned about falling victim to the Pegasus spyware which was created by the NSO Group and distributed to authoritarian governments around the world to keep tabs on international journalists and activists.
Now though, cybercriminals have created a fake website impersonating the official site of Amnesty International which provides an antivirus tool that they claim can be used to protect against Pegasus.
While potential victims believe the software can help protect their privacy and keep them safe online, it actually installs a little-known malware called Sarwent.
Sarwent malware
The Sarwent malware can create a backdoor on a victim’s system but it can also activate remote desktop protocol which would allow an attacker to access a user’s desktop directly.
Due to the recent headlines regarding the Pegasus spyware, Cisco Talos believes that this campaign has the potential to infect many users. In fact, Apple also recently pushed out a security update for iOS that patched a vulnerability attackers had been exploiting to install Pegasus which led to even more people becoming aware of the spyware’s existence.
Sarwent differs from other information stealers due to the fact that it has a look and feel similar to other antivirus software. It can exfiltrate any kind of data from a victim’s computer but it also provides an attacker with the means to upload and execute other malicious tools as well.
Thankfully though, Cisco Talos has not yet observed any malicious advertisements or phishing campaigns being used to promote the fake Amnesty International website that distributes Sarwent. Still though, users should be on the lookout for the “Amnesty Anti Pegasus” software called “AVPegasus” and as always, they should avoid downloading and installing software from unknown sources online.
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.