iVerify Basic helped me scan my phone for spyware in 5 minutes. Here's how to use it.
Analysis Summary
# Tool/Technique: Pegasus Spyware
## Overview
Pegasus is a sophisticated, commercially available spyware developed by the Israel-based NSO Group. It is known for its ability to infiltrate mobile devices (primarily iOS and Android) to extract data, monitor communications, and record activity, often with minimal or no user interaction. The source article specifically describes a $1 tool (iVerify Basic) that can check a phone for signs of Pegasus infection.
## Technical Details
- Type: Malware Family (Spyware)
- Platform: Mobile devices (iOS, Android)
- Capabilities: Zero-click exploitation, surveillance, data exfiltration, remote access.
- First Seen: Information is not explicitly provided in the source, but Pegasus has been publicly known since around 2016.
## MITRE ATT&CK Mapping
*Note: As the article focuses on detection rather than the infection process itself, the mappings below relate to Pegasus's known capabilities.*
- **TA0002 - Execution**
  - T1204.002 - User Execution: Malicious File (only where user interaction is required; Pegasus is best known for zero-click methods)
- **TA0011 - Command and Control**
  - T1071 - Application Layer Protocol
- **TA0010 - Exfiltration**
  - T1041 - Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- Infiltration of mobile phones (iOS/Android).
- Comprehensive surveillance of device activity.
### Advanced Features
- The capability to utilize zero-click exploits (e.g., in messaging apps like WhatsApp or iMessage) to install without user awareness or interaction.
- Full remote access and monitoring, turning the device into a 24/7 surveillance tool.
## Indicators of Compromise
- File Hashes: [Not provided in the source article]
- File Names: [Not provided in the source article]
- Registry Keys: [Not applicable to mobile platforms; not provided in the source article]
- Network Indicators: [Not provided in the source article; Pegasus C2 infrastructure is generally obfuscated]
- Behavioral Indicators: High data usage, unusual battery drain, unexpected app activity (the article covers a consumer *check* tool rather than the IoCs of Pegasus itself).
## Associated Threat Actors
- Not explicitly detailed in the provided snippet, but historically associated with nation-state surveillance operations, governments, and intelligence agencies that purchase NSO Group products.
## Detection Methods
- The article highlights that a **$1 checking application** (iVerify Basic) is available to consumers to determine whether their phone is infected, which implies that the third-party tool scans for specific file, signature, or behavioral indicators.
- General detection relies on specialized forensic tools or security products capable of identifying Pegasus components or unusual system behavior characteristic of zero-click exploitation.
## Mitigation Strategies
- Keeping mobile operating systems (iOS/Android) fully updated to patch vulnerabilities exploited by Pegasus.
- Using secure messaging applications that leverage end-to-end encryption (as implied by related articles referenced in the context).
- Employing security software capable of detecting zero-click malware.
## Related Tools/Techniques
- Other mobile surveillance malware (e.g., Predator, commercial spyware products).
- Related articles mention using secure messaging apps and anti-spy camera finders, suggesting defensive steps against surveillance vectors.