A few days ago it became known that the malicious utility Pegasus, developed by the Israeli company NSO Group for law enforcement agencies and intelligence services, is widely used to secretly spy on residents of different countries. According to information security specialists, at least 50 thousand devices have been infected around the world. This number does not seem so high, but Pegasus is very dangerous: it allows its operator to take full control of a smartphone, secretly read correspondence, wiretap phone conversations and view photos and videos.
Ordinary antivirus software cannot detect Pegasus, since this malware exploits zero-day vulnerabilities that are unknown to the developers of operating systems and antivirus applications. The human rights organization Amnesty International has developed a utility that can identify this malware. It is called MVT (Mobile Verification Toolkit), and its source code is available on GitHub.
The MVT utility is compatible with Android and iOS, but there are no ready-made builds for quick installation of the application. It has to be compiled independently for a specific device, and this can only be done on a computer running Linux or macOS. The utility saves a backup copy of the smartphone's data on the computer, scans it and checks whether the device is infected with Pegasus.
The Mobile Verification Toolkit scans the smartphone backup data stored on the computer for indicators of infection and informs the user if information from their device could have been compromised and transferred to third parties. In particular, the utility looks at the data transfer logs, since that is where infection indicators (records of call history, SMS, instant messenger messages and other data being sent to a remote server) are most likely to be stored. On iOS these logs are kept longer than on Android, so it is much easier to detect a Pegasus infection on an iPhone.
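The kind of indicator check described above can be sketched as follows; this is an added example, not MVT's own code. It matches transfer records from a backup against known-bad process names and domains and reports the time window the log covers. The table layout, the indicator values and every record are constructed for illustration.

```python
import sqlite3

# Constructed indicators for this example; placeholders, not real Pegasus IOCs.
IOC_DOMAINS = {"bad-infra.example"}
IOC_PROCESSES = {"fakesvcd"}

def host_matches(host, iocs=IOC_DOMAINS):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)

def build_sample_backup():
    """Constructed stand-in for a transfer log extracted from a phone backup."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE transfers(process TEXT, host TEXT, seen TEXT, bytes_out INTEGER)")
    db.executemany("INSERT INTO transfers VALUES (?,?,?,?)", [
        ("mail", "imap.mail.example", "2021-06-28T08:00:00", 12000),
        ("browser", "notbad-infra.example", "2021-06-30T10:00:00", 900),  # lookalike, benign
        ("browser", "x1.Bad-Infra.example", "2021-07-02T03:10:00", 4100),
        ("fakesvcd", "198.51.100.7", "2021-07-02T03:14:00", 48213377),
    ])
    return db

def scan(db):
    """Return (hits, window): hits sorted by time, window = span the log covers."""
    hits = []
    for proc, host, seen, out in db.execute(
            "SELECT process, host, seen, bytes_out FROM transfers"):
        reasons = []
        if proc.lower() in IOC_PROCESSES:
            reasons.append("process")
        if host_matches(host):
            reasons.append("domain")
        if reasons:
            hits.append({"seen": seen, "process": proc, "host": host,
                         "bytes_out": out, "matched": reasons})
    window = db.execute("SELECT MIN(seen), MAX(seen) FROM transfers").fetchone()
    return sorted(hits, key=lambda h: h["seen"]), window

if __name__ == "__main__":
    hits, (first, last) = scan(build_sample_backup())
    # A clean result only speaks for the retained window of the log.
    print(f"log covers {first} .. {last}; {len(hits)} indicator match(es)")
    for h in hits:
        print(h["seen"], h["process"], h["host"], h["bytes_out"], ",".join(h["matched"]))
```

The reported window matters when reading a clean result: records older than the first retained entry were never checked.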
Given how complex the Mobile Verification Toolkit is to use, this utility should only be recommended to those who suspect that they are being tracked by Pegasus. Information security experts believe that this malware is used for targeted surveillance. It does not infect random devices, only smartphones belonging to people whose activities are of interest to those who control the use of this software. Each Pegasus license costs hundreds of thousands of dollars, so surveillance is mainly carried out on those who have very valuable information (for example, politicians, businessmen and journalists of major publications).