Pegasus Spyware Lurking on More Devices Than Previously Thought
iVerify has unveiled findings on infections caused by the commercial spyware Pegasus, discovered through scans of mobile devices. Of 2,500 scans conducted, seven devices were found compromised by this malicious software.
The victims of Pegasus include not only journalists and activists but also business professionals, government officials, and other individuals. According to iVerify, the scope of Pegasus’s victims is far broader than previously believed, echoing the characteristics of attacks typically associated with APT groups or advanced malware campaigns.
While seven infections out of 2,500 scans may seem like a small fraction, their mere detection underscores the global prevalence of spyware.
The analysis also revealed that the threats are not confined to the latest operating system versions. The identified incidents included vulnerabilities exploited in iOS 16.6, evidence of infections from 2022 on iOS 15, and even older cases dating back to 2021 on iOS 14 and 15. This demonstrates that spyware can remain undetected for years, silently compromising users’ data.
Building tools that detect such spyware is difficult because mobile operating systems restrict access to the kernel. In the seven Pegasus infection cases, detection was made possible through the analysis of diagnostic data, system shutdown logs, and crash reports. However, minimizing false positives remains a significant challenge.
iVerify identified signs of a compromised smartphone belonging to lawyer and Sikh activist Gurpatwant Singh Pannun, who was reportedly targeted in an alleged assassination attempt. Additionally, the tool detected activity attributed to nation-states on devices used by members of the Harris-Walz campaign team. Pegasus is widely recognized as a tool for suppressing human rights advocates and was notably implicated in the murder of journalist Jamal Khashoggi at the Saudi consulate in Istanbul.
According to iVerify experts, the era when smartphones could be deemed secure “out of the box” is coming to an end. Users now have access to tools that can detect infections by commercial spyware, and the scale of the threat is significantly greater than previously assumed.
In March, WhatsApp achieved a landmark legal victory against the Israeli company NSO Group, the developer of Pegasus spyware. A U.S. federal court authorized the disclosure of three documents revealing new details about Pegasus’s operations. These documents include employee testimonies, internal company records, and WhatsApp correspondence obtained through legal proceedings.