From en.secnews.gr
The malware appears and acts as part of a legitimate antivirus solution designed specifically to scan and remove the Pegasus trace system.
The Sarwent-based attacks have been going on since at least the beginning of the year and have targeted a variety of victim profiles in many countries.
The lure used in previous campaigns is not clear at this time, but researchers at Cisco Talos they found recently a new one attack where Sarwent was delivered through a fake Amnesty International website, which advertises Anti-Pegasus AV.