Self-scans reveal that Pegasus, an invasive and powerful spyware that can secretly control phones and track owners, might be more widespread than previously thought. It was discovered on the phones of everyday phone users.
Mobile security platform iVerify uncovered seven Pegasus infections after 2,500 users scanned their devices. This rate of 2.5 infected devices per 1,000 scans is much higher than previously believed.
“A number that might seem small, but represents a massive red flag in the world of mobile security,” the firm said.
Up until recently, sophisticated malware investigations were limited to a “microscopic sample of devices,” typically belonging to high-risk targets, such as political activists, government officials, and journalists.
In May 2024, iVerify released a publicly available tool, an app capable of scanning any mobile device.
“Without a single advertisement, 2,500 of our users jumped at the chance to scan their devices,” the company said. “The results of those scans validated what we already assumed: if you scan for it, you will find it. We uncovered seven Pegasus infections.”
Interestingly, most of the discovered infections weren’t recent. One potential Pegasus infection was from late 2023 on iOS 16.6, another was carried out in November 2022 on iOS 15, and five older infections dated back to 2021 and 2022 across iOS 14 and 15.
“It was hiding in plain sight, undetected by traditional endpoint security measures.”
Pegasus is known for its ability to operate in memory and self-delete, removing all traces of its presence. The report does not explain why the spyware might have failed to remove the evidence of its presence on the analyzed devices. The firm said it discovered five unique malware types, and that forensic artifacts were detected in diagnostic data, shutdown logs, and crash logs.
The 2,500 devices analyzed still represent people who are more likely to be targeted by advanced spyware, as they put more effort into finding the tool and scanning their devices.
Pegasus is an extremely sophisticated spyware tool developed by the Israeli NSO Group. It exploits unknown vulnerabilities to target Android and iOS users and is sold exclusively to governments. Due to its invasive nature, the mobile surveillance tool is scrutinized by privacy and human rights proponents like Amnesty International. NSO Group is in a legal standoff with Apple and Meta.
According to iVerify, Pegasus represents the pinnacle of invasive spyware technology. It is delivered as a zero-click attack that exploits operating system vulnerabilities. The spyware gains complete device control with access to messages, emails, calls, and photos.
The firm hopes that democratizing detection will shine a light “into the darkest corners of mobile security,” and help understand and defend against invisible threats.
Matthias Frielingsdorf, co-founder and iOS Security Researcher at iVerify, will present the firm's findings at the Objective by the Sea v7.0 security conference this week.