Mobile device security firm iVerify has created an app that allows users to scan their iPhone for the presence of Pegasus spyware, and it’s available for the one-time price of one American dollar. Pegasus spyware can infect an iPhone, allowing bad guys to access close to all of the data stored on the device.
The new app allows users to scan their iPhone or Android phone and send the results to the firms for analysis. iVerify says it has so far found seven smartphones infected by the spyware.
Pegasus spyware was created by Israeli cyber intelligence firm NSO Group. The group purchases new zero-day exploits from hackers. The vulnerabilities the spyware uses are referred to as zero-day as they are unknown to device manufacturers like Apple and Google. NSO then integrates the exploits into their Pegasus spyware, which can then be used to infect a targets device via zero-click exploits, which require no user interaction by the targeted victim.
Pegasus can be used to infect an iPhone via a text message in iMessage, even if the user does not open the message or interact with it in any way.
While it is true that NSO Group sells its software solely to governments, many of those governments have terrible human rights records. Those countries then use Pegasus to target political opponents, activists, journalists, and other users.
Wired first reported on iVerify’s Pegasus detector:
On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company’s customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus.
The company’s “Mobile Threat Hunting” feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection.
While it is believed that the spyware most commonly targets high-profile individuals, iVerify says that the victims it has so far discovered included wider variety of users than expected.
“The really fascinating thing is that the people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, people in government positions,” says Rocky Cole, chief operating officer of iVerify and a former US National Security Agency analyst. “It looks a lot more like the targeting profile of your average piece of malware or your average APT group than it does the narrative that’s been out there that mercenary spyware is being abused to target activists. It is doing that, absolutely, but this cross section of society was surprising to find.”
How to Scan Your iPhone for Pegasus Spyware
While iVerify focuses on offering a subscription scanning service to large companies and organizations, offering continuous scanning of corporate devices, the firm now also offers a reasonably priced method that allows individual smartphone owners to manually scan their personal devices.
The company’s iVerify Basics app is available for a one-time fee of just $0.99 for both iPhone and Android devices. In just a few seconds, users can manually scan their device for a Pegasus infections. Plus, once a month, they can generate and send a special diagnostic utility file to iVerify and receive an analysis within hours.
