Pegasus spyware by Israel’s NSO Group is once again in focus after global reports have revealed how it was used to spy on journalists, ministers and businessmen. The tool is reportedly capable of complete data extraction from a victim’s phone, including calls and texts.
Amnesty International, which carried out a technical and forensic analysis of many infected phones, has observed instances of Pegasus infecting devices with a ‘zero-click’ operation, meaning that the victim does not need to interact with the malicious link.
While checking if your phone is infected with the Pegasus spyware isn’t an easy task, it is possible thanks to researchers at Amnesty, who have worked on a toolkit called MVT or Mobile Verification Toolkit. Interestingly, the tool can also check for other malicious apps on the device.
How to check if your phone is infected with Pegasus Spyware?
The open-source toolkit is available on GitHub for anyone curious to have a peek, inspect it and verify its reliability. To successfully run the device checkup, you will need some understanding of running code from the command line.
The Mobile Verification Toolkit can be found for both iOS and Android devices, but the process is a complicated one and requires some prior expertise and experience in the area. Also keep in mind that for Android devices, running forensics is much harder, given that the data logs are not always present. On iOS, the logs are stored for a much longer period. This is also the reason why Amnesty was able to find evidence of Pegasus more easily on iPhones.
To install the toolkit, users need to first install a Python Package which is available on the MVT (Mobile Verification Toolkit) website. You’ll also find instructions on installation on the website.
You will also need to take a full backup of your iOS device for the tool to analyse. Keep in mind that for macOS users, running MVT needs Xcode and Homebrew to be installed.
Also, Amnesty makes it clear that while “MVT is capable of extracting and processing various types of very personal records typically found on a mobile phone (such as calls history, SMS and WhatsApp messages, etc.),” the tool is only meant for users who wish to check this out on their own.
It is not meant to “facilitate adversarial forensics of non-consenting individuals’ devices,” and using it to “extract and/or analyse data originating from devices used by individuals not consenting to the procedure is explicitly prohibited in the license.” So using the tool to extract data from someone else’s device without their knowledge is a strict no-no. Keep in mind that Pegasus is not a ‘mass’ surveillance tool yet, given its prohibitive costs. Each license typically costs hundreds of thousands of dollars, and is not meant to target every single user.