From en.secnews.gr
![Pegasus](https://cdn.secnews.gr/xldIHLA.SaZv~42228/w:779/h:432/q:90/id:d5a76bb257a910f64fdb6c3887d619ee/https://www.secnews.gr/WhatsApp-Image-2021-07-18-at-4.50.31-PM.jpeg)
The malware appears and acts as part of a legitimate antivirus solution designed specifically to scan and remove the Pegasus trace system.
The Sarwent-based attacks have been going on since at least the beginning of the year and have targeted a variety of victim profiles in many countries.
The lure used in previous campaigns is not clear at this time, but researchers at Cisco Talos they found recently a new one attack where Sarwent was delivered through a fake Amnesty International website, which advertises Anti-Pegasus AV.