How does Pegasus work to infiltrate chats?
There isn’t enough detail in this article to know what really happened.
There could have been an unauthorized silent member in the group chat added via social engineering. One of the chat members’ WhatsApp accounts could have been compromised via phishing.
Or there could have been mercenary spyware deployed against one or more group chat members that collected decrypted data from their phone.
Always remember that any communication activity is only as safe as the least secure participant. If 5/6 group chat members have great OPSEC it doesn’t matter if number 6 clicks every link sent to them.
All of these have happened before, and these are the best defenses known to be effective:
- Don’t use WhatsApp... it’s a security nightmare for many reasons
- Use Lockdown Mode on iOS or use a GrapheneOS Pixel device. These are the only known ways to defend against advanced spyware threats with real-world data on effectiveness
Some additional steps:
- On any messenger app you use, disable auto-download of media and link previews (they can be used in zero-click attacks)
- DNS filtering via profile may help, especially against social engineering/spearphishing one-click attacks
- If you trust iVerify, use it to periodically check for infection
Highly capable mercenary spyware has continued to proliferate at an alarming rate. But there are steps normal people can take to mitigate the danger to a decent degree thanks to things like Lockdown Mode and the Graphene project.