A New Phone Scanner for Spyware Detection Has Discovered 7 Pegasus Infections

By Staff

In recent years, there has been a significant uptick in the deployment of commercial spyware, leading to a broader range of actors targeting a diverse set of victims. Despite this growth, the narrative around the use of such malware has largely focused on highly targeted attacks against a select few, often centering on activists and journalists. Compounding this issue is the difficulty individuals encounter when trying to detect infections on their devices, resulting in a haphazard reliance on various academic institutions and non-governmental organizations (NGOs) that are working to develop effective forensic techniques to uncover mobile spyware. The introduction of new detection capabilities has shown that the risks associated with commercial spyware are more widespread than previously understood.

Recently, the mobile device security firm iVerify launched a spyware detection feature that has provided eye-opening results. From a pool of 2,500 device scans conducted by users choosing to participate, seven instances of infection with the infamous Pegasus malware from the NSO Group were identified. The Mobile Threat Hunting feature employs advanced techniques, including malware signature detection, heuristics, and machine learning, to monitor both iOS and Android devices for suspicious activity and indications of spyware. While this tool is available for paying customers who receive regular checks for compromise, iVerify also offers a free version through their iVerify Basics app, allowing users to conduct their own scans monthly, shedding light on the potential extent of spyware infections.

Rocky Cole, the company’s chief operating officer and a former National Security Agency analyst, emphasized that the profile of individuals targeted by spyware extends beyond just journalists and activists. Strikingly, those detected included business leaders and government officials, illustrating how mercenary spyware is being weaponized against a more diverse swath of society. This finding contradicts the established narrative that presents spyware as primarily a tool for attacking human rights advocates and shows a much broader spectrum of potential victims; in that respect, these attacks resemble ordinary malware campaigns or advanced persistent threat (APT) operations.

The seven infections identified in a sample group of 2,500 may appear insignificant, particularly given that the users of iVerify’s monitoring service are already those invested in ensuring their device security. However, the very presence of these infections suggests that the threat of spyware is both real and pervasive. NSO Group, which manufactures the Pegasus malware, restricts its sales to vetted intelligence and law enforcement agencies, so finding infections among this population points to misuse by those actors and to the risk that ordinary citizens are indirectly caught in the crossfire.

Developing the detection feature required considerable investment and innovation, particularly due to the inherent limitations of mobile operating systems, such as iOS and Android, which do not permit deep monitoring similar to desktop systems. Cole explains that the breakthrough came from harnessing telemetry data as close to the kernel as possible, enabling the development of machine learning models to identify spyware traits. The recent detections were made possible through a careful examination of diagnostic data, shutdown logs, and crash reports, underscoring the challenge of refining these tools with a focus on minimizing false positives.
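The paragraph above describes the kind of artifact these scanners work from (shutdown logs and crash reports) and the priority on keeping false positives low, but not how a heuristic over such data looks in practice. The following is an added illustration, not iVerify’s code and not a Pegasus indicator: it parses a constructed, simplified "process still running at shutdown" log (the line format, paths and pids are made up for the example) and flags only non-system binaries that recur across several reboots, so that a one-off stray process does not trigger an alert.

```python
"""Toy shutdown-log heuristic (added example; not iVerify's code).

The log format below is a constructed, simplified stand-in for the kind of
"client still running at shutdown" records found in mobile diagnostic data.
The allowlist, paths and pids are invented for the example.
"""
import re
from collections import defaultdict

# Directories a shutdown-time client is normally expected to live under.
# Constructed allowlist for the example; a real tool would derive this
# from a baseline of known-good devices rather than a hard-coded tuple.
SYSTEM_PREFIXES = ("/usr/", "/System/", "/sbin/", "/bin/", "/Applications/")

# One record per line: timestamp, reboot counter, pid, executable path.
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) reboot=(?P<reboot>\d+) "
    r"remaining client pid: (?P<pid>\d+) \((?P<path>\S+)\)$"
)

# Constructed sample: three reboots; one non-system binary recurs on two,
# another appears once (noise that should not be flagged by default).
SAMPLE_LOG = """\
2024-05-01 08:12:03 reboot=1 remaining client pid: 412 (/usr/libexec/locationd)
2024-05-01 08:12:03 reboot=1 remaining client pid: 980 (/private/var/tmp/example_agent)
2024-05-03 19:40:11 reboot=2 remaining client pid: 415 (/usr/libexec/locationd)
2024-05-03 19:40:11 reboot=2 remaining client pid: 1044 (/private/var/tmp/example_agent)
2024-05-04 07:01:55 reboot=3 remaining client pid: 2210 (/private/var/mobile/Containers/Data/one_off)
"""


def parse(log_text):
    """Yield (reboot_id, pid, path) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield int(m["reboot"]), int(m["pid"]), m["path"]


def is_system_path(path):
    """True when the executable lives under an expected system directory."""
    return path.startswith(SYSTEM_PREFIXES)


def suspicious_paths(log_text, min_reboots=2):
    """Return non-system paths seen blocking shutdown on >= min_reboots reboots.

    Requiring recurrence across reboots is the false-positive control:
    a single stray process is noise, a persistent one is worth a look.
    """
    reboots_by_path = defaultdict(set)
    for reboot, _pid, path in parse(log_text):
        if not is_system_path(path):
            reboots_by_path[path].add(reboot)
    return sorted(
        path for path, reboots in reboots_by_path.items()
        if len(reboots) >= min_reboots
    )


if __name__ == "__main__":
    for p in suspicious_paths(SAMPLE_LOG):
        print("recurring non-system shutdown client:", p)
```

With the default threshold only the path that blocks shutdown on two separate reboots is reported; lowering `min_reboots` to 1 also surfaces the one-off entry, which is the trade-off between sensitivity and false positives that the article describes.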

iVerify’s detection capabilities have already proven useful, enabling the identification of potential compromises involving prominent individuals, such as Gurpatwant Singh Pannun, a Sikh political activist, and certain officials from the Harris-Walz presidential campaign. These revelations suggest that the era of treating smartphones as inherently secure is over and underscore the need for more robust detection mechanisms. Cole’s assertion that users now possess the capability to determine if their phones are infected with commercial spyware points to a paradigm shift in mobile device security awareness and to the importance of consistent monitoring in an era where spyware use is increasingly rampant.
