Pegasus spyware: what do you need to know?

What is Pegasus spyware?

The Pegasus spyware is the NSO Group’s most infamous creation. Pegasus was created as a means to collect important and sensitive data, primarily from cell phones, but Pegasus could also be installed on other devices. What made Pegasus particularly potent was how the victims didn’t need to accidentally install or activate it themselves. A no-click exploit that triggered the spyware. For iPhone users, in particular, all it took was opening an iMessage for the spyware to be triggered.

Once a phone has been infected with Pegasus, it can read messages and emails, listen to calls, record passwords, and even track visited locations. The first known case of a Pegasus infection was in 2016 when it failed to install onto the iPhone of a human rights activist.

Despite the claims that Pegasus was only to be used as a means of gathering information against potential terror threats, thousands of victims of Pegasus are merely activists and journalists, prompting Amnesty International to speak out. The organization claims that, while the NSO Group may not be personally targeting victims, it still needs to take responsibility for how its tech is being misused. Especially when that technology is found on the phones of important government officials around the world.

How does Pegasus spyware work?

The danger of the Pegasus spyware is that it’s zero-click. This means that the attacker doesn’t need to trick you into downloading and installing the malicious software. In most cases, Pegasus can do all that by itself.

All the attacker needs to do is call or message the victim. Pegasus can install itself regardless of whether the receiver opens the message or picks up the call. In fact, this spyware often deletes the message it came with to avoid raising suspicion.

Once inside the device, Pegasus gains access to all phone data, such as its location, messages, calls, emails, media files, and all applications. As it establishes itself on the device, this malware also disables the phone’s built-in security.

Who uses Pegasus spyware?

Pegasus spyware has been utilized by dozens of governments. Unfortunately, a large number of Pegasus’ clientele are from countries that don’t have the best record when it comes to human rights and freedom of information.

Saudi Arabia, Azerbaijan, India, and the United Arab Emirates have been some of the biggest customers of Pegasus spyware. Pegasus surveillance report goes into further detail regarding the full scope of Pegasus’ usage. For a piece of tech that advertises itself as only to be used for “serious crimes and terrorism,” many victims of Pegasus malware seem to be activists, journalists, and opposing government politicians.

Does the US government use Pegasus tracking?

It’s not much of a stretch to assume that the US government could be interested in using Pegasus malware — it wouldn’t be the first time that US citizens have been spied on by their own government.

The NSO Group tried to sell Pegasus to the Drug Enforcement Agency (DEA) and the San Diego Police Department — both groups declined due to the cost of the software. In January 2022, it was revealed that the Federal Bureau of Investigation bought Pegasus in 2019 and even considered it for domestic spying. After discussions with the Department of Justice, it was ultimately decided not to use Pegasus.

What is the NSO Group?

The NSO Group is an Israeli-based cyberarms firm founded in 2010. The NSO Group claims to only deal with “authorized” governments rather than selling cyberware to wealthy, private citizens. The aim of its technology is to prevent and fight terror and crime.

The NSO Group has been the target of two lawsuits in recent years. The first was from the instant messaging app Whatsapp. The lawsuit alleged that the NSO Group created an exploit via the Whatsapp calling feature. This exploit allowed an injection of spyware. Nearly 1,400 users were a victim of this exploit, with around 100 of them being human rights activists, journalists, and other perceived threats to certain governments. The NSO Group denied targeting the victims but did not deny creating the exploit.

The second lawsuit revolves around Apple and the infamous Pegasus spyware. Apple filed a complaint in November 2021. Once again, this lawsuit was about a security exploit that was used to inject Pegasus onto devices.

How can I check if my phone has Pegasus spyware?

You wouldn’t be paranoid to wonder if your phone is spying on you. To check for this spyware, use an identifying utility tool called Mobile Verification Toolkit, or MVT. This “open-source mobile forensics tool” can be found here. You’ll also find a detailed list of instructions. It’s a complex process, so it’s recommended that only those with enough tech savvy and programming experience attempt to use the toolkit.

If you still want to try, be aware that you’ll need Linux or macOS to compile the necessary files for the suspect device.

How to remove Pegasus spyware from an iPhone

To remove Pegasus from an iPhone, you need to connect it to a Linux or macOS computer and run a mobile verification toolkit. However, it’s a very complex process. If you’re concerned that your phone might be infected with Pegasus, it’s best to deliver it to a security professional with knowledge of digital forensic analysis.

How to remove Pegasus spyware from an Android

Just like with the iPhone, the Android system also has a mobile verification toolkit you can use by connecting your smartphone to a macOS or a Linux device. But it is highly recommended to consult with cybersecurity professionals to ensure the removal is successful.

Protect your phone from spyware

Pegasus is an advanced, no-click spyware, so its victims couldn’t have done anything different to stay safe. But spyware that everyday users experience is often much simpler and installed by their spouses or ex-boyfriends. If you want to protect your phone from spyware, here are a few tips:

1. Protect your device and use biometric passwords. Most people don’t know how to hack a device. Instead, they wait until the target device is left unattended and install spyware directly. Make sure to never leave your phone with anyone you don’t fully trust. Also, you can use biometrics to ensure only you can unlock your device.
2. Don’t install apps downloaded outside of official app stores. Most malicious apps can’t get onto Google Play or the App Store. You’re much more likely to keep your device safe if you don’t download apps from anywhere else.
3. If something feels off, check it out. You probably know your phone like the back of your hand. If your device starts acting weird all of a sudden, such as showing you notifications it never did before, make sure to check where they’re coming from. Strange pop-ups are often a sign of malware.
4. Be careful with URLs in messages. Let’s say a friend on Facebook sends you a link and says something vague, such as “Oh, wow. Check this out.” Double-check if they actually intended to send you something. Stolen accounts are often used to share malicious links and attachments but you can reduce the likelihood of infecting your device if you stop and think before you click.
5. Use reputable security tools. Tools, such as NordVPN’s Threat Protection, can block ads and check for malicious files before they’re downloaded to your device.
6. Check app permissions. Once in a while, check which apps have access to your location, calls, and messages. If you see an app that shouldn’t need access or has a name you don’t recognize, disable its access and look for it online.

How does Pegasus spyware impact freedom of speech and the right to privacy?

When governments are using technology that’s supposed to be used to combat criminal threats and terrorism against those who are merely dedicated to revealing the truth to their compatriots, it’s a bad sign for overall human freedom. It gives oppressive governments another way of guaranteeing they stay in power — by spying on those who oppose their regime, they can eliminate potential scandals before they’re revealed.