Jeff Bezos hack: what is malware and are you vulnerable?

Reports that Jeff Bezos’ phone was hacked by malware in a WhatsApp message sent by the Saudi crown prince has fuelled fears of similar attacks on tech users worldwide.

The message sent to the billionaire Amazon boss is believed to have included an infected video file that infiltrated the device, according to The Guardian. “Large amounts of data were exfiltrated from Bezos’s phone within hours,” the newspaper says.

Computer expert Professor Alan Woodward told the BBC that such a hack is “horribly easy to do”. But just how great is the threat, and what can you do to protect yourself?

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

What is malware?

Malicious software, commonly known as malware, is “software developed by cyberattackers with the intention of gaining access or causing damage to a computer or network”, explains tech news site ZDNet.

In many cases, the victim “remains oblivious to the fact there’s been a compromise”, the site says.

Malware is “often created by teams of hackers”, says cybersecurity company AVG, which adds: “Usually, they’re just looking to make money, either by spreading the malware themselves or selling it to the highest bidder on the dark web.”

Some criminals use malware to demand a ransom for stolen sensitive personal data, while others are seeking access to information such as credit card numbers.

What malware was used to attack Bezos?

The specific malware used in the Bezos hack has not been determined, but some experts believe it may have been Pegasus, which The Times describes as a “highly sophisticated malware created by NSO Group, an Israeli cybersurveillance firm”.

In October, WhatsApp urged its 1.5 billion users to install an app update immediately, after the company discovered that Pegasus had been installed on thousands of phones via the messaging service.

“Once in the target’s phone, spyware lets a hacker access almost everything, including all messages, emails and incoming or outgoing calls, as well as pictures, cameras, microphones and location data,” says the newspaper.

How can you protect yourself from attacks?

Cybersecurity firm Kaspersky says that the answer to keeping gadgets malware-free “has two parts”: antivirus software packages and personal vigilance.

When it comes to the latter, be “wary of emails that ask you to provide passwords”, or “emails that seem to be from friends, but have only a message such as ‘check out this cool website!’ followed by a link”, says the company.

In the reported Bezos hack, the message is believed to have included a photograph and a crypitc message that said: “Arguing with a woman is like reading the Software Licence Agreement. In the end you have to ignore everything and click I agree.”

The Times says users should also beware of unexpected links posted in messaging groups, and “should also use a different password for every app and service, and where possible, enable two-step authentication”.

Ensuring that software is “patched and up to date”, and that “all operating system updates are applied as quickly as possible after they’re released”, will help too, adds ZDNet.