What is Pegasus spyware, and how can I avoid it?
Pegasus malware is an extremely sophisticated spyware tool developed to infiltrate mobile devices and secretly collect users' data. It did not take long for Pegasus to be misused to spy on prominent journalists, politicians, political activists, lawyers, and critics of governments.
The price of Pegasus spyware is steep, so it is highly unlikely to be used against casual Internet users. But if you belong to one of these high-profile groups, you should know how Pegasus spyware works. At the same time, this article provides protection tips against spyware that is not as sophisticated and hard to detect as Pegasus.
What is Pegasus spyware?
Pegasus spyware is a mobile surveillance tool for iOS and Android devices, although more commonly found on the former. Developed by the Israeli NSO Group, this extraordinarily complex software relies on zero-day vulnerabilities to breach target devices and monitor communication.
| Attribute | Description |
| --- | --- |
| Malware type | A bundle of different malware components that primarily acts as spyware |
| Device | iOS and Android |
| Symptoms | Designed not to reveal any symptoms, although the initial infection vector (an SMS or email containing a link, a call from an unknown number, etc.) can sometimes be spotted. The zero-click version of Pegasus leaves no such trace. |
| Damage | Because its data extraction is highly effective, a Pegasus infection can lead to arrests, identity theft, financial loss, and infringement of basic human rights, depending on the attacker's goals. |
Pegasus is sold exclusively to governments, officially to track criminals and prevent terrorist attacks. However, cases of misuse are numerous, putting NSO Group under scrutiny by privacy and human rights advocates such as Amnesty International.
Currently, NSO Group is in a legal standoff with Apple and WhatsApp (Meta) over the exploitation of both companies' software to hijack iOS and Android devices. Furthermore, Apple rushed to patch vulnerabilities exploited by Pegasus in its recent iOS 16.6.1 update, indicating that NSO Group has not halted its operations.
How does Pegasus spyware work?
Pegasus spyware is distinctive in its complexity, efficiency, and resistance to detection. When first detected in 2016, it exploited three zero-day iOS vulnerabilities: one in Safari's WebKit engine as the initial infection point and two in the iOS kernel to jailbreak the iPhone and execute Pegasus commands.
To infect target devices, Pegasus used a simple phishing scheme. Victims received a message containing a link over SMS, email, Twitter, or any other communication tool they used. Once the link was opened, Pegasus exploited the Safari WebKit vulnerability to silently install itself on the iPhone without displaying new processes or other warning signs.
Pegasus then exploited the iOS kernel vulnerabilities to jailbreak the iPhone and download its espionage components. It then hooked the applications the attackers chose to monitor, such as WhatsApp, Telegram, iMessage, Gmail, and many more.
Pegasus spyware is not limited to the applications it hooks. It can also access the calendar, read the GPS location, retrieve call logs, listen to phone calls, monitor SMS messages, and turn on the camera and microphone to make new recordings. Stolen data is sent to Command-and-Control (C&C) servers using additional obfuscation methods.
More recently, Pegasus has been upgraded to a zero-click variant. That means a more expensive version of Pegasus spyware can infect the target device without any user interaction, such as tapping a link.
How to detect Pegasus spyware?
Pegasus is exceptional in the sophistication of its evasion methods. The spyware uses advanced encryption and code obfuscation to prevent detection and has a self-destruct feature to erase traces of its infection. These features prevent traditional antiviruses from identifying Pegasus malware.
However, the Amnesty International Security Lab has released the Mobile Verification Toolkit (MVT) to perform forensic analysis of iOS or Android devices and identify traces of compromise, including Pegasus spyware. Currently, it is the only tool that can confirm a Pegasus spyware infection, although some versions may evade it. We must also warn you that using this tool requires at least some command-line and Python knowledge.
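The core of what a forensic toolkit like MVT does is to compare artifacts extracted from the phone (browser history, SMS bodies, running processes) against a published list of indicators of compromise. The following is an added illustration of that matching step written for this article, not MVT's own code: the STIX2-style indicator bundle, the domains, the process name and the artifact records are all constructed placeholders, not real Pegasus indicators.

```python
"""IoC matching over extracted phone artifacts, in the spirit of an MVT-style
check-iocs run: indicators are parsed from a STIX2-like bundle and compared
against URLs found in browser history and SMS bodies, and against process
names from a process list.  Every indicator and artifact record below is
constructed for illustration; none are real Pegasus IoCs."""
import json
import re
from urllib.parse import urlsplit

# Constructed STIX2-style bundle (hypothetical indicators, not Amnesty's list).
STIX_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "indicator", "pattern": "[domain-name:value = 'update-cdn.example']"},
        {"type": "indicator", "pattern": "[domain-name:value = 'media-sync.example']"},
        {"type": "indicator", "pattern": "[process:name = 'bh']"},
        {"type": "malware", "name": "placeholder"},  # non-indicator objects are ignored
    ],
})

# Constructed artifacts, shaped like records an extraction module might emit.
SAFARI_HISTORY = [
    {"ts": "2023-09-01T10:02:11Z", "url": "https://news.example/article/1"},
    {"ts": "2023-09-01T10:04:55Z", "url": "https://cdn1.update-cdn.example/a/b?q=1"},
]
SMS_MESSAGES = [
    {"ts": "2023-09-01T09:58:30Z", "from": "+10000000000",
     "text": "Your package could not be delivered: http://media-sync.example/t/9"},
    {"ts": "2023-09-02T08:00:00Z", "from": "+10000000001", "text": "Lunch today?"},
]
PROCESSES = ["launchd", "SpringBoard", "bh", "backupd"]

# Minimal parser for the simple "[type:field = 'value']" STIX pattern form.
PATTERN_RE = re.compile(r"\[(?P<type>[\w-]+):(?P<field>\w+)\s*=\s*'(?P<value>[^']+)'\]")
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def parse_indicators(bundle_json):
    """Return {'domain-name': {...}, 'process': {...}} from a STIX2-like bundle."""
    iocs = {"domain-name": set(), "process": set()}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN_RE.fullmatch(obj.get("pattern", "").strip())
        if m and m["type"] in iocs:
            iocs[m["type"]].add(m["value"].lower())
    return iocs


def domain_matches(host, ioc_domains):
    """Exact match or subdomain match (cdn1.x.example matches x.example)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def check_urls(records, text_key, iocs, source):
    """Extract every URL from the given field and test its host against the IoCs."""
    hits = []
    for rec in records:
        for url in URL_RE.findall(rec[text_key]):
            host = urlsplit(url).hostname or ""
            if domain_matches(host, iocs["domain-name"]):
                hits.append({"source": source, "ts": rec["ts"], "url": url, "host": host})
    return hits


def check_processes(names, iocs):
    """Flag process names that appear in the indicator list."""
    return [{"source": "processes", "process": n} for n in names if n.lower() in iocs["process"]]


def run_checks(bundle_json=STIX_BUNDLE, history=SAFARI_HISTORY, sms=SMS_MESSAGES, procs=PROCESSES):
    """Run all artifact checks and return the findings sorted by source and time."""
    iocs = parse_indicators(bundle_json)
    hits = check_urls(history, "url", iocs, "safari_history")
    hits += check_urls(sms, "text", iocs, "sms")
    hits += check_processes(procs, iocs)
    return sorted(hits, key=lambda h: (h["source"], h.get("ts", "")))


if __name__ == "__main__":
    for hit in run_checks():
        print(hit)
```

Two details matter in practice: indicator lists are matched by domain suffix, so a link to a subdomain of a listed domain still counts, and a finding is only a pointer to the timestamped artifact; the analyst then reviews the surrounding records (what was visited just before and after) rather than treating the single match as proof.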
How to remove Pegasus spyware from iPhone
Removing Pegasus spyware from your smartphone will not be easy. Furthermore, there is no guarantee the infection is cleared, because NSO Group updates Pegasus continuously.
The Mobile Verification Toolkit discussed above is the only way to remove (some) versions of Pegasus spyware from an iPhone or Android device. The process requires access to a macOS or Linux system and good technical skills, but you should not expect anything less when dealing with malware of such complexity.
Is my phone infected with spyware?
Although confirming a Pegasus infection on your smartphone is extremely difficult, there are, fortunately, distinct signs if you have caught more common spyware such as CoolWebSearch, PhoneSpy, or FinFisher. Here are the symptoms to look for if you suspect spyware is infecting your smartphone:
- Slow performance. You will notice your smartphone becoming laggy and working slower than usual. The spyware consumes extra resources and drains the battery faster.
- Suspicious apps. You may find apps you don't remember installing and dubious background processes. Some spyware hijacks the browser to monitor the victim's online activity and installs third-party browser extensions without consent.
- Strange sounds during conversations. Spyware that snoops on private conversations may cause strange beeping sounds or otherwise degrade call quality. Be mindful of any irregularities, as they could indicate a spyware infection.
- Increased mobile data consumption. Spyware uses mobile data to upload stolen information to the attacker's servers. Because this involves pictures, audio, or even video files, you may see a sudden and significant surge in data consumption.
- Suspicious messages and emails. An SMS or email containing a malicious link is a common way to spread spyware. If you receive many strange messages that include a link, chances are good that cybercriminals are targeting you.
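Two of the symptoms above, the surge in mobile data consumption and the flood of link-bearing messages from unknown senders, can be checked mechanically rather than by feel. The script below is an added example written for this article (not a tool from the page): it flags per-app upload surges against a robust baseline and lists messages with links from numbers not in the contact list. The per-app byte counts, the inbox and the contact list are constructed sample data, and the app names are hypothetical.

```python
"""Turning two spyware symptoms into checks: (1) a per-app upload surge
against a median/MAD baseline, (2) link-bearing SMS from unknown senders.
All records below are constructed to mimic a daily export of a phone's
per-app cellular usage and its inbox; they are not real device data."""
import re
from statistics import median

# Constructed daily upload bytes per app, oldest day first (hypothetical app names).
DAILY_UPLOADS = {
    "Messages":  [1.2e6, 0.9e6, 1.5e6, 1.1e6, 1.0e6, 1.3e6, 1.2e6, 1.1e6],
    "Photos":    [5.0e6, 4.2e6, 6.1e6, 5.5e6, 4.8e6, 5.2e6, 5.9e6, 5.1e6],
    "SystemSvc": [0.2e6, 0.3e6, 0.2e6, 0.25e6, 0.2e6, 0.3e6, 48.0e6, 61.0e6],
}

# Constructed inbox and contact list.
CONTACTS = {"+10000000001"}
INBOX = [
    {"from": "+10000000001", "text": "Lunch today?"},
    {"from": "+10000000000", "text": "Delivery failed, reschedule: http://track.example/x1"},
    {"from": "+10000000002", "text": "Your account is locked: http://verify.example/login"},
]
URL_RE = re.compile(r"https?://\S+")


def mad(values, center):
    """Median absolute deviation: a spread estimate that one outlier cannot inflate."""
    return median(abs(v - center) for v in values)


def surge_days(series, baseline_days=5, k=6.0, min_bytes=10e6):
    """Return indices of days whose upload exceeds a robust baseline.

    The baseline is the median and MAD of the first `baseline_days` days.
    A later day is flagged when it lies more than k MADs above the median
    AND above an absolute floor, so near-idle apps with a MAD of zero do not
    trip on a few kilobytes of noise."""
    base = series[:baseline_days]
    med = median(base)
    spread = mad(base, med) or 0.1 * med or 1.0   # fallbacks for a flat baseline
    threshold = med + k * spread
    return [i for i, v in enumerate(series[baseline_days:], start=baseline_days)
            if v > threshold and v >= min_bytes]


def flag_apps(usage=DAILY_UPLOADS, **kw):
    """Map each app with at least one surge day to the list of those days."""
    flagged = {}
    for app, series in usage.items():
        days = surge_days(series, **kw)
        if days:
            flagged[app] = days
    return flagged


def link_messages_from_unknown(messages=INBOX, contacts=CONTACTS):
    """Messages that both carry a URL and come from a sender not in contacts."""
    return [m for m in messages
            if m["from"] not in contacts and URL_RE.search(m["text"])]


if __name__ == "__main__":
    print("upload surges:", flag_apps())
    for m in link_messages_from_unknown():
        print("link from unknown sender:", m["from"], m["text"])
```

The median/MAD baseline is chosen over mean/standard deviation because a single enormous upload day would otherwise inflate the standard deviation and hide itself; the absolute floor keeps an app that normally sends a few kilobytes from being flagged for a harmless 300 KB day.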
How can I protect my device against spyware?
Spyware is particularly dangerous, as exposing personally sensitive information can lead to identity theft, financial fraud, or even political persecution and arrests. Here are easy-to-follow tips to protect your device from common spyware threats:
- Use an antivirus. Most spyware programs lack elaborate obfuscation methods and are easily identified by professional antivirus software like TotalAV. We recommend scanning your device regularly to remove existing threats and enabling real-time protection to prevent new infections.
- Avoid software bundles. Cybercriminals often bundle spyware with legitimate software. Choose the advanced or custom installation option, inspect each bundled program for suspicious entries, and do not allow them to be installed on your device.
- Practice safe browsing. Refrain from hastily clicking links in emails, text messages, messaging apps, and online forums. Attackers will do their best to make a link look convincing, but any link from an unverified source should raise an eyebrow.
- Update your software. Spyware like Pegasus exploits vulnerabilities in numerous apps. It is essential to apply software updates as soon as possible, as they include fixes for those vulnerabilities and stop spyware from using them to steal your data.
It is an open question what the future holds for Pegasus spyware, as it remains one of the most sophisticated and controversial cyber-espionage tools. Moreover, the spyware is actively developed and distributed by NSO Group, which exploits new iOS and Android vulnerabilities to keep it effective.
Although detecting Pegasus spyware on smartphones is extremely hard and requires advanced technical know-how, more common spyware is not that resilient. We recommend using a reliable antivirus like TotalAV to scan your device regularly and remove existing malware. Lastly, refrain from clicking links in emails, text messages, or messaging apps from unverified sources, as this is a widespread spyware distribution method.
Can an antivirus detect and remove Pegasus spyware?
No current antivirus is capable of reliably detecting and removing Pegasus spyware. Because this surveillance tool uses advanced encryption and code obfuscation, traditional antiviruses fail to recognize it as a threat and do not alert the user to its presence.
How common is Pegasus spyware?
Although there is no reliable statistical data, Pegasus spyware is not a common infection because of its extraordinarily high cost. It targets specific high-profile individuals instead of attempting to infect as many devices as possible, as the well-known WannaCry ransomware did.
How do I scan for spyware?
The best way to detect spyware on your device is to scan it with a capable antivirus, like . Although it will detect and neutralize the majority of contemporary spyware threats, it will not protect against Pegasus spyware, which evades detection thanks to its sophistication.