Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Mobile Forensics: Detecting Pegasus Spyware

May 19, 2022

Harry Cassin of the FCPA Blog recently wrote an article about discovering Pegasus spyware on a device. The malware was discovered during a routine scan of his devices. The Pegasus spyware is a type of malicious file that is attributed to the NSO Group, which allows for access to everything on the device, including accessing camera and microphone functions and real-time GPS locations.

Pegasus is no joke and is concerning from a device security standpoint. Pegasus operates via a “zero-click” exploit and is frequently distributed via iMessage or WhatsApp. Cassin writes “Detecting Pegasus can be difficult. According to [Gavin] de Becker [a security expert], if a device is turned off or stops transmitting information, Pegasus can self-destruct, leaving little or no tract it ever existed.”

The Pegasus spyware has been found mainly on journalists’ and activists’ devices, especially those who write about corruption. The good news is that there are methods out there to help detect if a device has been compromised by the Pegasus spyware.

The free tool, Mobile Verification Toolkit (MVT), provided by Amnesty International’s Security Lab can be used to scan a device for known indicators of Pegasus. The tool runs on the command line and Amnesty includes a warning for users, suggesting that they be familiar with using command-line tools and understand the basics of forensic analysis. To quote the warning “This is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.”

If you are concerned about the spyware and are not comfortable running a command-line based tool, there is a more user-friendly option available, through the company iMazing. Information on detecting Pegasus and other spyware on iPhones and iPads can be found here.

There are some general practices that users can take in order to help prevent infection on their devices. Most often the vectors in which malware is distributed are through links and attachments. It is a good security practice NEVER to click on a link that has been sent to your device or an attachment you are not expecting.

Cassin offers some other wise words of advice in his post about keeping a device secure.

If you need assistance with device scans or malware/spyware file detection please contact Sense Enterprises at 703-359-0700i.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensics

Sensei Enterprises

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Digital Forensics Dispatch

Mobile Forensics: Detecting Pegasus Spyware

Ride the Lightning

Your IT Consultant

Disclaimer