A global collaborative investigative project published by 17 media organisations on 18 July revealed that Israeli cyber-intelligence firm NSO Group’s spyware Pegasus was used to spy on about 50,000 people including political leaders, businessmen, journalists, and activists from across the world. Now Amnesty International has released a tool available on GitHub that claims to detect Pegasus.
Mobile phones of at least 300 Indians were targeted by the NSO group using its Pegasus spyware.
The list includes Opposition leaders, top lawyers, businessmen, rights activists and journalists.
What makes Pegasus interesting is that it does not even require a ‘click’ to infect a target's device; this is why the Pegasus method of attack is described as a ‘zero-click install’. A zero-click exploit infects the device without requiring the user to click on any link.
How to Check for Pegasus on Your Device?
Popular antiviruses cannot detect Pegasus since this spyware exploits the mobile operating system and attacks the vulnerabilities that are unknown to the developers of the operating systems and antivirus applications.
But, a new antivirus iVerify claims that it can tell you if your phone is infected with Pegasus.
In a tweet, Ryan Storz, security engineer at the firm Trail of Bits, who leads development of iVerify said: “Just released iVerify 20.0, which now tells you if it detects traces of Pegasus.”
According to Stortz’s tweet, it is also available for Android users via Google Play.
An iVerify user told The Quint that "the app offers iPhone security scans and tips to stay secure. The app is actually Apple approved, which is unusual for a security app."
Alternatively, an anonymous developers have created a Telegram bot which can check for any malicious link that is associated with the Pegasus spyware and alerts you accordingly.
Is iVerify Reliable?
iVerify looks for known signs of compromise and jailbreaks (eg files and folders that should not exist and are associated with malicious behaviour, URL handlers that should not be installed, and the integrity of some system permission checks).
This application provides you with real-time information about traces of Pegasus on your phone. It should be noted that iVerify is Apple approved.
iVerify checks all the bad files and folders. It detects most cases of compromise but cannot detect all of them.
It's still important to limit your exposure to attacks and limit the sensitive data available on your phone and online accounts.
What About The Telegram Bot?
Amnesty International had released a list of more than 1,400 malicious websites on 18 July that are associated with the spyware.
To use the bot, you will need to download a Telegram application in Android/iOS.
Search '@fsmi_pegasus_detector_bot' and share any suspicious URLs or links with it.
The bot will check if the URL is associated with the Pegasus spyware and alerts you accordingly.
It is worth noting that the bot does not rule out the presence of spyware, but it scans for any potential attack.
Cyber experts suggest that one should always consider the possibility of an attack from another URL that is missing from the Amnesty report, as the list itself is not comprehensive.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)