Fake Amnesty International Pegasus scanner used to infect Windows


Threat actors are trying to capitalize on Amnesty International's recent revelations about Pegasus spyware to drop a lesser-known remote access tool called Sarwent.

The malware looks and acts the part of a legitimate antivirus solution specially created to scan the system for traces of Pegasus and remove them.

Antivirus look with a RAT’s bite

Sarwent-based attacks have been running since at least January of this year and have targeted a variety of victim profiles in several countries.