ONE Jailbreak Ad

Detect Pegasus spyware on iPhone

Promotion image of Detect Pegasus spyware article.

Pegasus, by NSO Group, stands as a potent example of covert surveillance technology. Engineered to discreetly infiltrate iOS and Android mobile devices, it epitomizes the intersection of innovation and intrusion. Although initially heralded as a tool to combat crime and terrorism, Pegasus has found nefarious applications in the hands of numerous governments worldwide. Under the guise of national security, it has been systematically employed to spy on journalists, legal practitioners, and political dissidents.

NSO Group's Pegasus demonstrated the capability to seize control of targeted devices, requiring no action on the part of the users. Leveraging both zero-day vulnerabilities and zero-click exploits, it injected malware into victims' devices, thereby enabling full surveillance. This included unauthorized access to and retrieval of sensitive data such as photos, GPS coordinates, text messages, emails, and more, further underscoring the extent of its invasive capabilities. Pegasus became famous because it was used against civilians worldwide.

Pegasus was accessed by government clients for money and was designed to "gather data from the mobile devices of specific individuals suspected to be involved in serious criminal activities and terrorism." Pegasus boasts a range of sophisticated capabilities, enabling remote installation on smartphones without any action required from the device owner.

Screenshot of terminal app running MVT NSO Group Pegasus indicators update.

Once deployed, it grants clients full control over the targeted device, facilitating access to messages from encrypted platforms like WhatsApp and Signal, Photos, call history, Contacts, and location, as well as enabling the activation of the microphone and camera.

NSO Group's Pegasus was meticulously engineered to evade detection by both users and researchers. However, despite its stealthy design, the software leaves behind subtle traces that can be indicative of its installation on the device. Amnesty International Security Lab released MVT allowing users to detect if Pegasus spyware was installed on iPhone or Android.

How to detect Pegasus spyware on iOS

To ascertain whether the Pegasus spyware has been installed on your iPhone, it is necessary to first create a backup of your device. Subsequently, employing a tool like the MVT becomes imperative in determining the presence of NSO Group's spyware on your iDevice.

MVT utilizes various indicators such as malware, relationships, bundled files, domain names, and Apple IDs associated with compromising your device, as well as monitoring running processes to effectively detect the installation of Pegasus. MVT uses pegasus.stix2 indicator to identify and detect Pegasus spyware from your iPhone backup file.

Note: Encrypted iOS backups contain additional intriguing records that are unavailable in their unencrypted counterparts. These encompass significant data such as Safari history, Safari state, and other pertinent information, enhancing the forensic analysis.

Follow those steps to detect Pegasus spyware on iOS:

Step 1. Install Mobile Verification Toolkit on Desktop.

Step 2. Connect your iPhone to your computer through a USB cable.

Step 3. Create an iPhone Backup (encrypted) using iTunes or command line tools.

Step 4. Open your preferred terminal application.

Step 5. Excetut the following command to decrypt the iOS backup.

mvt-ios decrypt-backup -d $decrypted_backup_directory $backup_directory

Step 6. Enter the password for encryption of the iOS backup file.

Step 7. Update MVT indicators to the latest version.

mvt-ios download-iocs

Step 8. Scan iOS backup with MVT to determine if Pegasus spyware was installed.

mvt-ios check-backup -o $mvt_output_directory $decrypted_backup_directory

Step 9. View the command line prompt for Pegasus spyware detection status.

Step 10. For further analysis, you can navigate through $mvt_output_directory files.

Author Photo
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak since 2012. He has interviewed professionals from various companies. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.

Post a comment

Latest Posts

Mobile Verification Toolkit

How to install Mobile Verification Toolkit (MVT)

Mobile Verification Toolkit (MVT) serves as a valuable tool for streamlining the consensual forensic analysis of iOS devices, enabling the identification of compromise indicators. This innovative toolkit, by the Amnesty International Security Lab, emerged...

Have a Jailbroken Firestick? Do this now!

Have a Jailbroken Firestick? Do These Things Right Now!

Jailbreaking Firestick has become a common practice. It opens up the device to various possibilities. Users get to install third-party streaming apps. It gives them access to entertainment content they otherwise cannot get through...

Email marketing can get you noticed

Email marketing can get you noticed

Famous Irish poet and playwright Oscar Wilde, celebrated for his wit and repartee, once said: “There’s one thing worse than being talked about – and that’s not being talked about…” Which is exactly the...