The Unimaginable Reach of Israel's Pegasus Spyware: 7 Infections Detected Among 2,500 Checks
Israel's NSO Group, developer of the notorious Pegasus spyware, has made headlines repeatedly in recent years. Pegasus has exploited vulnerabilities in iOS to infect iPhones silently, including through zero-click exploits that require no action from the victim, giving its operators covert access to the device's camera and microphone for eavesdropping.
Typically an infected user has no way to notice: no new icon appears and no setting visibly changes. Traces of the infection can nevertheless survive in the iOS system diagnostic logs.
In May 2024 the mobile security company iVerify released an app of the same name that analyzes those diagnostic logs for signs of infection. Somewhat unexpectedly, it has since turned up real-world infections.
Pegasus is generally aimed at high-value individuals, and the operations are typically run by government or law enforcement agencies of the countries NSO Group sells to. In Europe, for instance, law enforcement agencies have bought Pegasus with public funds to surveil specific targets.
Since launch, iVerify has received diagnostic data from 2,500 users. In that data it identified seven attacks, meaning at least seven of those users had been infected by Pegasus without knowing it.
Who was behind the attacks remains unclear, but the affected users at least now know and can take concrete defensive steps, such as wiping and restoring their iOS devices and enabling Apple's hardened protections such as Lockdown Mode.
Seven infections in 2,500 checks may look like a low rate, and the sample is both small and self-selected (people who install a spyware scanner are likelier to be at risk), so it says nothing about the population at large. Still, seven confirmed hits in a sample of that size suggests NSO Group's customers are using Pegasus against a far wider set of people than the handful of journalists and dissidents in earlier reporting, casting a broad net in the manner of conventional APT (Advanced Persistent Threat) groups.
iVerify has described its detection approach and the difficulty created by iOS's closed design: a third-party app cannot inspect other processes or the kernel directly, so the company fine-tunes machine learning models on telemetry gathered as close to the kernel as iOS allows and then sifts large volumes of logs for traces.
Detecting a commercial spyware vendor of NSO Group's calibre is hard. The data behind the successful detections consists of system diagnostic data, shutdown logs and crash logs, and the pipeline is tuned to keep false positives to a minimum, since a false alarm would send a user through a full device wipe for nothing.
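To make the shutdown-log part of this concrete, here is an added example, not iVerify's code and not its disclosed method (the article only names the log sources, not the indicators). It scans a Shutdown.log-style excerpt, the file that ships inside an iOS sysdiagnose archive, for processes that held up a shutdown. The one high-severity indicator it uses, a client living under /private/var/db/com.apple.xpc.roleaccountd.staging/, comes from Kaspersky's public 2023 research on Pegasus, Reign and Predator traces; the allowlist of trusted directories, the treatment of the SIGTERM line as a record separator, and the sample log lines are all constructed assumptions for illustration.

```python
"""Illustrative scan of an iOS Shutdown.log excerpt for spyware-style traces.

Added example, not iVerify's code. It shows the kind of log-level indicator a
detection pipeline can look for, and how an allowlist keeps false positives low.
"""
import re
from collections import defaultdict

# Directory publicly reported (Kaspersky, 2023) as hosting Pegasus/Reign/Predator
# processes that delayed shutdown; any remaining client here is high severity.
STAGING_DIR = "/private/var/db/com.apple.xpc.roleaccountd.staging/"

# Where legitimate daemons and apps live (assumed allowlist); anything else that
# blocks shutdown is only a low-severity lead, never a verdict on its own.
TRUSTED_PREFIXES = ("/usr/", "/System/", "/Applications/", "/Library/",
                    "/bin/", "/sbin/", "/private/var/containers/Bundle/")

REBOOT_RE = re.compile(r"^SIGTERM:")  # assumed: one SIGTERM line per shutdown record
DELAY_RE = re.compile(r"^After (\d+)s there are still (\d+) clients:")
CLIENT_RE = re.compile(r"^remaining client pid: (\d+) \((.+)\)$")

# Constructed sample: line shapes approximate Shutdown.log, contents are made up.
SAMPLE_LOG = """\
SIGTERM: [0x2d87]
After 3s there are still 1 clients:
remaining client pid: 108 (/usr/libexec/mobileassetd)
SIGTERM: [0x2d88]
After 3s there are still 2 clients:
remaining client pid: 67 (/System/Library/PrivateFrameworks/Example.framework/exampled)
remaining client pid: 1284 (/private/var/db/com.apple.xpc.roleaccountd.staging/helper)
After 6s there are still 1 clients:
remaining client pid: 1284 (/private/var/db/com.apple.xpc.roleaccountd.staging/helper)
SIGTERM: [0x2d89]
"""


def parse_shutdown_log(text):
    """Group 'remaining client' lines by shutdown record.

    Returns (record_count, {(record, pid, path): longest_delay_seconds}).
    The same client is usually listed again at each timeout, so we keep the
    longest delay per (record, pid, path) instead of duplicating findings.
    """
    record, delay = 0, 0
    clients = defaultdict(int)
    for raw in text.splitlines():
        line = raw.strip()
        if REBOOT_RE.match(line):
            record += 1
            delay = 0
        elif (m := DELAY_RE.match(line)):
            delay = int(m.group(1))
        elif (m := CLIENT_RE.match(line)):
            key = (record, int(m.group(1)), m.group(2))
            clients[key] = max(clients[key], delay)
    return record, dict(clients)


def assess(clients):
    """Turn parsed clients into (severity, record, pid, path, delay) findings."""
    findings = []
    for (record, pid, path), delay in sorted(clients.items()):
        if path.startswith(STAGING_DIR):
            findings.append(("high", record, pid, path, delay))
        elif not path.startswith(TRUSTED_PREFIXES):
            findings.append(("low", record, pid, path, delay))
    return findings


def scan(text):
    """Full pipeline: parse, assess, and bucket findings by severity."""
    records, clients = parse_shutdown_log(text)
    findings = assess(clients)
    return {"shutdown_records": records,
            "high": [f for f in findings if f[0] == "high"],
            "low": [f for f in findings if f[0] == "low"]}


if __name__ == "__main__":
    result = scan(SAMPLE_LOG)
    print(f"{result['shutdown_records']} shutdown records parsed")
    for severity, record, pid, path, delay in result["high"] + result["low"]:
        print(f"[{severity}] record {record}: pid {pid} {path} "
              f"blocked shutdown for {delay}s")
```

Run on the constructed sample, the scan reports three shutdown records and a single high-severity finding: pid 1284 under the staging directory, which held up the second shutdown for six seconds, while the system daemons in the allowlisted paths produce nothing. The split between a single strong indicator and a deliberately quiet heuristic is the point: a consumer-facing scanner that wipes a phone on every odd daemon would be unusable, which is why the false-positive budget matters as much as the detection itself.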
Finally, iVerify is not free, but its non-subscription version is listed on the App Store for $1, a nominal price. After installation, users submit their logs and receive a result within about an hour.