It was recently revealed that the malicious tool Pegasus, developed by the Israeli business NSO Group for law enforcement and intelligence organizations, is routinely used to secretly spy on citizens of many nations.
At least 50 thousand devices have been compromised worldwide, according to information security experts. This number may not sound alarming, but Pegasus is really dangerous: it lets you to gain complete control of your smartphone, read your emails in secret, listen in on phone calls, and see photographs and videos.
Popular antiviruses cannot detect Pegasus since this malware exploits zero-day vulnerabilities that are unknown to the developers of operating systems and antivirus applications. The human rights organization Amnesty International has developed a utility that allows you to identify this malware.
It is called MVT (Mobile Verification Toolkit), and its source code is available on GitHub, reported by international media. The MVT utility is compatible with Android and iOS, but there are no ready-made solutions for the quick installation of the application. They need to be compiled for a specific device, which can be done only on a computer with Linux or macOS.
The program transfers a backup copy of the data from the smartphone to the computer, examines all data to see whether the device is infected with the Pegasus spyware, and notifies the user if his data has been hacked and sent to third parties.
This utility, in particular, scans data transfer logs – it is there that infection indicators can most likely be found (information about sending calls history, SMS, IM messages, and other things to a remote server). On iOS, these logs are stored longer than on Android, so it is much easier to detect the Pegasus spyware on the iPhone.
Given the complexity of using the Mobile Verification Toolkit, this utility should only be recommended for tech-savvy users or those who suspect Pegasus is tracking them. Information security experts believe that this spyware is used for targeted surveillance.
It infects not random devices but only smartphones belonging to specific people whose activities are of interest to those who control this software. Each Pegasus license costs hundreds of thousands of dollars, so surveillance is mainly carried out on those with valuable information (for example, politicians, business leaders or journalists of major publications).
Although the Pegasus case has become very popular in the news recently, hundreds of other spy apps continue to run silently and spy on their victims. Many programs operate in a gray area posing as parental control or other legitimate applications.
Pegasus is not only limited to phones but to your smart home devices as well. Be careful, practice good digital hygiene, and stay safe.