Global spyware attacks often make the news, and you might be curious about how to detect Pegasus spyware on your phone. Pegasus has been in action since 2016, with its latest reported attack in October 2023*. It’s a dangerous, invasive spy tool that breaks into phones, steals and transmits personal data, and is undetected by anti-virus programs.
While Pegasus attacks on normal citizens are incredibly rare, knowing its detection and removal process can be helpful if the need arises. I’ll share the nitty-gritty of Pegasus attack methods, data harvesting techniques, and how to remove it from your phone.
Techopedia’s Top Picks to Detect Pegasus Spyware
Pegasus spyware is dangerous because it’s very difficult to find, and the official detection method is technical and complicated. However, a couple of third-party anti-virus programs can help.
- Certo — Can detect indicators of compromise for advanced threats like Pegasus on iOS and Android
- BitDefender — Can detect and remove Pegasus spyware on iPhones and Android
What is Pegasus Spyware?
The NSO Group created the infamous Pegasus spyware as a security solution. It is a commercial spyware tool that attacks iOS and Android phones and records all phone activity. The NSO Group says it is to “help government agencies detect and prevent terrorism and crime.” The reality is, unfortunately, quite different, following multiple investigations confirming its illegal use as a spy tool.
Talk of Pegasus exploded in 2021 after The Guardian published a report about this then little-known spy tool. Since then, independent investigative groups have found multiple instances of Pegasus on iOS and Android phones. In 2023, Amnesty International discovered a large Pegasus attack on high-profile Indian journalists.
Pegasus is particularly frightening because it’s exceptionally good at hiding its presence. It is often installed remotely without any user interaction. A Pegasus spyware phone target may be unaware of its presence for months (even years) unless a cyber-security expert intervenes.
While it remains on the device, Pegasus extracts all the data it is told to collect (calls, messages, photos, videos) and sends it to a remote server. Once they have what they need, attackers can even remotely remove Pegasus from the target’s phone, so you might never know it was there.
How Does Pegasus Spyware Work?
Pegasus can be installed in several ways, and physical access isn’t necessary. Social engineering and zero-day exploits are both hard to prevent, and both let an attacker install the spyware remotely.
Pegasus Remote Installation
There are two ways to remotely install Pegasus on an iPhone or Android device.
Over the Air
Over-the-air (OTA) attacks are the primary reason Pegasus is so dangerous. The NSO Group hunts for zero-day vulnerabilities in iOS and Android and in popular apps. Simply put, a zero-day is a flaw in software that the vendor doesn’t yet know about, so no patch exists and malicious actors can exploit it freely.
Then, the attacker can deploy Pegasus on the target phone with zero-click attacks. In zero-click attacks, the spyware remotely installs even if the user doesn’t do anything, like clicking on a link or accepting an incoming call.
NSO Group has a history of exploiting vulnerabilities in iMessage and FaceTime to remotely infect iPhones. A simple missed call or text message forced the phone to install the spyware without the user’s input.
Social engineering methods
This is a popular cyberattack tactic where an attacker coerces the user to click on a malicious link. The attacker gets creative and bundles the link as a part of a promotional message, an enticing offer, or a problem that needs immediate attention.
If you receive what looks like a warning email from your bank, you might click the link without thinking twice. The moment you do, Pegasus silently installs itself and jailbreaks the phone to gain administrative control.
Pegasus Physical Installation
While it’s possible to physically install Pegasus on a smartphone, it can be quite a challenge. Remember, Pegasus has so far been used against high-profile targets, and grabbing their phone might be difficult. However, if you can get physical access to the phone, installing Pegasus doesn’t take much time.
Pegasus Data Management
Once Pegasus is in, it logs the user’s activity into small data buffers in the phone’s storage. These buffers occupy very little space, and their contents are transmitted to a command-and-control server in encrypted form.
Pegasus is designed for round-the-clock surveillance, so storing large volumes of data on the phone isn’t useful and could raise suspicion. Instead, it uses small buffers and wipes each one after its contents have been transmitted, reusing the space for new logs.
What Data Can Pegasus Spyware Access?
Pegasus sits between the kernel and the operating system and can view and record everything that happens on your phone. Here’s a comprehensive list of what Pegasus can steal and do:
- Text messages
- Emails
- Call history and recordings
- Contact details
- Remotely access the mic and camera
- Social app data (text, media, logs)
- Installed application data
- Browser history
- Capture screenshots and screen recordings
- Track live location
- Access phone storage
- Download phone files
- Record keystrokes
- Modify files
Even end-to-end encrypted chats (WhatsApp, Instagram, and other messaging apps) aren’t safe, because encryption only protects the message once it leaves your phone. Pegasus reads messages on the device itself, where they are in plain text, and it also records keystrokes and the screen, so no chat is safe. The attacker can change the data collection schedule and request any of the above data on a whim.
How to Tell if Your iPhone or Android is Infected With Pegasus
Pegasus is adept at hiding itself, but like all spyware, it might display some common signs:
- Unusual sounds during calls — The spyware tries to intercept and listen to your calls. You might hear unusual sounds before picking up or during the call.
- Surprising battery drain — Spyware runs multiple processes in the background and is always in tracking mode. An unexplained drop in battery life might indicate the presence of spyware.
- Performance issues — Round-the-clock tracking consumes a lot of hardware resources. You might experience sluggish performance, even with basic actions like calling, texting, or web browsing.
- Unusual data usage — The spy tool needs an internet connection to send data to the server, which can increase overall data consumption. Even if you have unlimited data or Wi-Fi plans, it’s a good idea to track your usage and look for anything odd.
- Delayed notifications, calls, and messages — Multiple tracking elements, like a keylogger and screen recorder, try to capture every incoming call or message, which may result in delayed notification prompts.
- Less storage space — Tracking all phone activity takes a toll on phone storage. All the tracked data, including photos and recordings (video and audio), can reduce the available storage space on your phone.
- Unknown apps — Spyware can install other apps or packages that extend its tracking abilities. These apps won’t appear in the app drawer or on the home screen, but you can find them by checking the file directory.
- Uncommon screen behavior — The phone’s screen can exhibit weird behavior, like random app launches or shutdowns, even when you aren’t interacting with it.
How to Remove Pegasus Spyware
Pegasus keeps evolving to continuously evade checks and new security features in mobile operating systems. While there are ways to remove spyware from iPhones, these methods won’t do much against Pegasus. It’s best to contact a cyber-security expert to remove Pegasus spyware from iOS or Android. There are ways you can do so on your own, but you’ll need a certain level of technical expertise.
Mobile Verification Toolkit
Mobile Verification Toolkit (MVT) is a command-line tool that can detect traces of Pegasus on iPhone and Android. Amnesty International developed it to help researchers find evidence of a Pegasus infection. It is free and available on GitHub if you want to try it.
You’ll need advanced technical knowledge to run a deep scan with MVT. The tool works better on macOS and Linux and currently doesn’t support Windows. You cannot install MVT on your phone directly. Instead, it runs on a computer, and you will have to plug your phone in.
Even if you manage to run the tool, conducting a deep analysis and finding Pegasus traces is daunting. Analyzing core system files requires technical expertise, which means it’s not for everybody.
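To show what the MVT workflow described above produces, here is an added example that is not part of the article or of MVT itself: a small triage script that summarises MVT’s detection timeline. It assumes MVT (installed with `pip install mvt`) writes a `timeline_detected.csv` with the columns "UTC Timestamp","Plugin","Event","Description" when an indicator matches; the sample rows embedded below are constructed placeholders, not real indicators, and a real CSV path can be passed as the first argument.

```python
"""Triage helper for Mobile Verification Toolkit (MVT) results (added example).
Typical MVT workflow on the analysis computer (MVT's own commands, not run here):
    mvt-ios download-iocs
    mvt-ios decrypt-backup -p <backup-password> -d ./decrypted ./backup
    mvt-ios check-backup -o ./mvt-out ./decrypted
On a match MVT writes mvt-out/timeline_detected.csv; this script assumes its
columns are "UTC Timestamp","Plugin","Event","Description" and summarises them.
"""
import csv
import io
import sys
from collections import defaultdict
from datetime import datetime

# Constructed sample standing in for timeline_detected.csv; number, domain and
# process name are placeholders, not real indicators.
SAMPLE_CSV = """\
"UTC Timestamp","Plugin","Event","Description"
"2023-09-04 10:12:31.000000","SMS","sms_received","Message from +00000000000 with link https://example.invalid/t"
"2023-09-04 10:12:35.000000","Safari History","safari_history","Visit to https://example.invalid/t"
"2023-09-04 10:13:02.000000","Datausage","datausage_first_usage","Process 'placeholder-proc' first seen"
"""

def parse_timeline(text):
    """Parse MVT timeline CSV text into row dicts, skipping blank lines."""
    return [row for row in csv.DictReader(io.StringIO(text)) if row.get("Plugin")]

def summarise(rows):
    """Count matches per MVT plugin and compute the first/last UTC timestamp."""
    per_plugin = defaultdict(int)
    for row in rows:
        per_plugin[row["Plugin"]] += 1
    stamps = [datetime.strptime(r["UTC Timestamp"], "%Y-%m-%d %H:%M:%S.%f") for r in rows]
    return {"total": len(rows), "per_plugin": dict(per_plugin),
            "first": min(stamps) if stamps else None,
            "last": max(stamps) if stamps else None}

def report(summary):
    """Render the summary as plain text: which modules fired and over what window."""
    if summary["total"] == 0:
        return "No indicator matches in timeline_detected.csv."
    lines = [f"{summary['total']} indicator matches between {summary['first']} "
             f"and {summary['last']} (UTC):"]
    lines += [f"  {p}: {n}" for p, n in sorted(summary["per_plugin"].items())]
    return "\n".join(lines)

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CSV
    print(report(summarise(parse_timeline(text))))
```

The time window is the useful part for a non-expert: it tells an investigator roughly when the device was compromised, which is what the article means by finding "traces" of Pegasus.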
Compatible Anti-virus Software
What makes Pegasus so dangerous is that it’s nearly impossible to detect and remove. The official detection method is also quite complicated and very technical. Most third-party anti-virus software for iPhones can’t trace the spyware, but luckily there are a couple of options.
- Certo — Certo is a licensed security app built to detect spyware and other intrusive software, like keyloggers, on smartphones. While Certo can’t specifically pinpoint Pegasus installation, it detects Indicators of Compromise (IoCs) that show the presence of Pegasus or other advanced spyware. It also has a System Checker that makes sure that Pegasus or other spyware hasn’t disabled security mechanisms on the phone. Certo has apps available for both iOS and Android.
- BitDefender — BitDefender uses its standard malware detection methods to detect Pegasus on iPhones. It continuously updates its anti-malware signature database to keep up with the latest versions of Pegasus. To detect and remove Pegasus, download the BitDefender mobile security app for iOS or Android. Don’t forget to also activate its Web Protection Feature to help you scan suspicious websites, links, and automatic downloads.
How to Avoid Pegasus Spyware?
While not the easiest spyware to avoid, there are a few things you can do to protect your smartphone.
- Use biometric authentication — You can configure apps to accept only biometric authentication. Use Face ID or a fingerprint scanner to unlock the phone and sensitive apps (banking, social, and email).
- Use password managers — Creating strong, unique passwords for every service and app is tough. Instead, using one of the best password managers will help you generate unique, tough-to-crack passwords, replace weak or compromised ones, and let you easily manage hundreds of accounts with one app.
- Use antivirus software — Not every antivirus software can detect Pegasus, but they will protect you from other malware and spyware, detect intrusions, and block suspicious apps from making changes to core system files.
- Use VPN services — A Virtual Private Network (VPN) lets you bypass geographical barriers and anonymously access everything online. It’s a great tool to hide your personal data from attackers and evade the invasive tracking that many websites use.
- Avoid third-party app installation — The App Store and Google Play Store meticulously vet apps before releasing them on their platforms. Stay away from free or modded apps available on sketchy websites because they can contain spyware. Only download apps from official sources.
- Don’t click suspicious URLs — All it takes is one click of a suspicious URL for it to download and install malware on your device.
- Check app permissions — Apps can request a myriad of permissions, even ones they don’t necessarily need. Periodically inspect the location, mic, storage, camera, and contact permissions and remove apps that don’t need them.
- Never skip updates — Updates patch existing loopholes in phone software and apps and stop spyware makers from exploiting them. Install OS updates and security patches immediately and enable auto-app updates.
- Enable built-in phone security features — iPhones have a Lockdown Mode that can block spyware apps. Turning off Android’s “Install unknown apps” feature will also block third-party app installations.
- Factory Reset the phone — It’s a drastic final step since you’ll lose all the data on your phone, but completely resetting the device will remove any spyware and unknown apps. However, a factory reset doesn’t guarantee Pegasus removal, so you might have to replace your phone.
What to Do If Your Phone Has Pegasus Software?
The chances of Pegasus targeting an average person are minimal. Its infrastructure and maintenance costs are in the millions, making it a highly specialized, expensive spyware feasible only for high-profile targets.
If you detect Pegasus spyware on Android or iPhone, Reporters Without Borders (RSF) says the best option is to discard the phone and get a new one. Don’t forget to also change your passwords for all social media, messaging, banking, and document apps.
If you can’t get rid of your phone, you can try the official MVT solution or use apps like Certo and BitDefender. However, the best option might be to contact a cybersecurity professional to help you completely secure your device.
References
- *Pegasus India Attack 2023 (Amnesty)
- Revealed: leak uncovers global abuse of cyber-surveillance weapon (The Guardian)
- Mobile Verification Toolkit (GitHub)
- Apple iPhone Lockdown Mode (Apple)
- RSF’s recommendations for those who could be spied on by Pegasus (RSF)