Detecting Pegasus spyware on your smartphone
Pegasus Spyware
Pegasus Spyware is allegedly used by the Israeli NSO Group to spy not only on terrorists but also on activists, journalists and politicians. This was reported on by investigative journalists in cooperation with Amnesty International.
Amnesty International at the same time released a tool allowing anyone to scan their phone for traces of this spyware.
Mobile Verification Kit
While the Pegasus malware is supposed to be untraceable according to NSO Group, forensic traces (e.g., of communication with NSO servers) can be retrieved, as Amnesty International explains in their report.
Amnesty International released the Mobile Verification Kit on GitHub for anyone who wants to scan their phone for traces of Pegasus.
To install the MVK, check the GitHub repo and the docs. The scanning tool can be installed on Linux and Mac. Windows isn’t officially supported, but you can use the Windows Subsystem for Linux and follow the Linux installation guide. Alternatively, you can use the MVT Docker image.
To use the tool, you will need to make a backup of your smartphone (Android or iOS) and you’ll need to perform some actions using the command line interface (CLI).
Note that because detecting the presence of the Pegasus spyware is so difficult, you may receive some false positives. Make sure you go through all of the alerts (Indicators of Compromise (IOC)) and verify them before drawing any conclusions.
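As an added example (not part of the original post and not Amnesty International's code), here is a small Python helper that turns a scan's results folder into a checklist of alerts to verify by hand. It assumes the tool writes one JSON file per module and gives modules with indicator matches the suffix `_detected.json`; the function names and the sample records are constructed for illustration.

```python
import json
import tempfile
from pathlib import Path

DETECTED_SUFFIX = "_detected.json"  # assumption: naming used for modules with IOC matches


def collect_alerts(output_dir):
    """Return {module_name: [records]} for every *_detected.json under output_dir."""
    alerts = {}
    for path in sorted(Path(output_dir).rglob("*" + DETECTED_SUFFIX)):
        module = path.name[: -len(DETECTED_SUFFIX)]
        try:
            data = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            # An unreadable results file still needs a human look; never drop it silently.
            alerts[module] = [{"triage_error": f"{type(exc).__name__}: {exc}"}]
            continue
        records = data if isinstance(data, list) else [data]
        if records:
            alerts[module] = records
    return alerts


def checklist(alerts):
    """One line per alert, each starting unverified, so none is skipped or trusted blindly."""
    lines = []
    for module, records in alerts.items():
        for i, rec in enumerate(records, 1):
            summary = json.dumps(rec, sort_keys=True, default=str)[:160]
            lines.append(f"[ ] {module} #{i}: {summary}")
    return lines


def build_sample(root):
    """Constructed sample output folder; the records are invented, not real indicators."""
    root = Path(root)
    (root / "safari_history.json").write_text('[{"url": "https://example.org/"}]')
    (root / "safari_history_detected.json").write_text(
        '[{"url": "https://bad.example/x", "isodate": "2021-07-01 10:00:00"}]')
    (root / "sms_detected.json").write_text("{not valid json")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for line in checklist(collect_alerts(build_sample(tmp))):
            print(line)
```

Point `collect_alerts` at the output folder of your own scan; an empty result means no module reported a match, not that the device is proven clean.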
2021-07-31 (Last updated: 2021-08-10)