What is Pegasus Spyware and Is Your Phone Infected?

  • By Greg Brown
  • Jan 26, 2023


There are plenty of secure and protected smartphones in this world; then there is the phone from Israeli startup Sirin Labs. Their first product, the Solarin, offers the most technologically advanced privacy outside the agency world. The device offers 256-bit AES encryption and a 23.9-megapixel rear sensor. Just make sure to bring your checkbook; the price is an exorbitant $13,500. The company’s blockchain-enabled smartphone, Finney U1, is priced more in line with its widely distributed competitors.

Smartphones are used for everything in the modern world of connected convenience. Banking, videos and pictures, personal scheduling, and much more are available on even the least expensive phones. The value to hackers has risen dramatically in recent years.

Mobile spyware has been infecting smartphones for nearly two decades, the first being the FakePlayer virus. The code was disguised as a media player, with the first victim being an employee of the security firm Kaspersky.

Smartphones are generally more secure than computers because the services mentioned above are designed for the phone. However, there is only so much manufacturers can do to prevent spying and unlawful intrusion into a smartphone.

Smartphones now have advanced financial services built into their core, meaning almost every banking service is available to users. Predators are finding ways to install malicious apps that run in the background for click fraud. Other sinister apps can track a user’s location and provide personal information such as bank login credentials. 

Pegasus Spyware

From FakePlayer, malware code and spyware were developed by predator groups around the globe. Pegasus Spyware burst onto the scene in 2010 when Israeli cyber-intelligence, the NSO Group, developed the spyware code for eavesdropping and harvesting data.

Initially, Pegasus was unleashed on government officials, tracking world leaders, dissidents, and other activists. NSO claims the spyware is sold exclusively to government security and law enforcement to battle crime.

Pegasus works on iOS, Android, BlackBerry, Windows Phone, and Symbian. Pegasus code can be installed on a target device covertly and leaves no trace of its existence.

How Does Pegasus Work?

Pegasus and similar code attack a victim’s phone with various methods, the most popular being a form of iMessage phishing. The code is sent to a device through SMS, and victims must click on a link. A more ominous threat vector is the use of zero-click exploits: Pegasus can infect a device with no user interaction at all.

Applications with access to the core OS are what a predator prefers. In Apple’s iMessage, vulnerabilities have allowed infection simply by receiving the message.

Android vulnerabilities come from downloaded, non-supported apps and games. The Pegasus predator aims to take complete control of the operating system. With full control in mind, Pegasus attacks the Android OS by rooting it. Jailbreaking is the preferred and most straightforward method on an iPhone; tethered jailbreaks require the iPhone to be connected to a computer.

Core elements embedded within the operating system are removed or modified by code. Pegasus and other spyware unlock the device so the predator can install additional malware. Individual users likely have no clue what is happening to their phones. 

How Pegasus Steals and Transmits its Data

Unlike social engineering and phishing scams, Pegasus can also be installed when the predator calls the target device via WhatsApp. Pegasus code enters the device even if the call goes unanswered. The malware will not transmit while roaming is set to ON on an iPhone; this avoids the specter of high data charges that could alert the victim.

After delivery to a victim’s device, Pegasus begins collecting data. This collection includes email, text messages, login credentials, contacts, browsing history, and anything else the predator wants.

Pegasus has a few interesting features to contend with:

  • The code is designed never to use more than 5% of free space on the infected device. The space-limiting feature helps prevent malware from being detected.
  • One of the first procedures of Pegasus is to create an encrypted folder within the core of the device as a buffer. If the malware cannot transmit its results back to the crook, it stores the data in the buffered folder. 
  • Pegasus transmits its data back to the predator on a first in/first out configuration. This procedure ensures the predator receives the newest, most important information first.

Is Pegasus Installed on My Phone?


By the very nature of spyware, Pegasus is built to stay covert and undetected. It is implausible that hackers will use spyware to monitor anyone other than a public or prominent figure. Try the following tool if you are going bonkers, not knowing if your phone is infected.

The following toolkit, MVT, works from the command line, so the application is not a polished user experience. Users must have basic knowledge and navigation skills around the terminal. MVT’s documentation will help.

Amnesty International’s Mobile Verification Toolkit (MVT) can provide evidence of Pegasus infection. MVT does not explicitly confirm or disprove whether a phone has been compromised; instead, the analysis looks for known indicators of compromise. MVT runs on a phone data backup on either Linux or macOS. The tool carefully examines each file and configuration on the device, looking for forensic traces of Pegasus.
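As an added illustration (not code from the article or from MVT itself), this Python sketch shows the core of what MVT does with a backup: load indicators from a STIX2 bundle in the shape MVT consumes, then check extracted artifacts, here constructed Safari history rows and a process list, against them. All domain and process names are constructed placeholders, not real Pegasus indicators.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2 bundle in the shape MVT consumes; values are placeholders, not real IoCs.
STIX_BUNDLE = json.dumps({"type": "bundle", "id": "bundle--constructed-0001", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value = 'ioc-example.invalid']"},
    {"type": "indicator", "pattern": "[process:name = 'evilproc_example']"},
    {"type": "malware", "name": "example label"},  # not an indicator; skipped
]})

# Constructed backup artifacts: Safari history rows and a running-process list.
HISTORY = [{"id": 1, "url": "https://news.example.com/story"},
           {"id": 2, "url": "http://cdn.ioc-example.invalid/a.js"}]
PROCESSES = ["SpringBoard", "evilproc_example", "backboardd"]

# One STIX comparison expression, e.g. [domain-name:value = 'x'].
_PATTERN = re.compile(r"\[(?P<kind>[\w-]+:[\w-]+)\s*=\s*'(?P<value>[^']+)'\]")

def load_indicators(bundle_json):
    """Group indicator values by STIX object path, e.g. 'domain-name:value'."""
    iocs = {}
    for obj in json.loads(bundle_json)["objects"]:
        if obj.get("type") != "indicator":
            continue
        m = _PATTERN.fullmatch(obj["pattern"])
        if m:
            iocs.setdefault(m["kind"], set()).add(m["value"].lower())
    return iocs

def domain_matches(url, domains):
    """Return the IoC domain if the URL host is that domain or a subdomain of it."""
    host = (urlparse(url).hostname or "").lower()
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None

def scan_backup(bundle_json, history, processes):
    """Return one detection record per backup artifact that hits an indicator."""
    iocs = load_indicators(bundle_json)
    hits = []
    for row in history:
        if d := domain_matches(row["url"], iocs.get("domain-name:value", set())):
            hits.append({"source": "safari_history", "id": row["id"], "ioc": d})
    for name in processes:
        if name.lower() in iocs.get("process:name", set()):
            hits.append({"source": "processes", "id": name, "ioc": name.lower()})
    return hits
```

A real MVT run does the same matching across many more artifact types (SMS, WhatsApp, installed apps, crash logs) and reports each hit with its timestamp so an analyst can build a timeline.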

Additional Protection From Pegasus

Well-built spyware, by all accounts, can go undetected in a user’s device and never be discovered. Unfortunately, there is also no current solution to zero-click attacks. Simple steps can still be taken to minimize potential exposure to Pegasus.

  • Pegasus is deployed to an Apple device when the user opens a link sent through iMessage or other messaging applications. A majority of cyber-criminals use the same technique to distribute their malware, so treat unexpected links with suspicion.
  • Running a stable, up-to-date operating system version is the best defense against Pegasus and other spyware. Make sure the OS is updated and patched; Android users should not rely solely on update notifications.
  • Configure an Android or Apple device for biometrics. Modern smartphones of either operating system now have military-grade facial recognition and face-locking.
  • Avoid public wi-fi; predators sit in the lobby or dining area waiting for their next victim. Consider a VPN if you must use a public network.