KEY POINTS

  • Pegasus spyware was developed by an Israeli company called NSO Group
  • The team said the malware can't be traced to the government agency using it
  • There are a couple of toolkits people can use to check if their devices are infected

The Pegasus spyware has been all over the news these past few days, with people getting anxious that the malware could be hiding in their smartphones. Besides being invisible and nearly undetectable, the malware is reportedly very hard to remove.

What Is the Pegasus Spyware?

Pegasus is spyware or malware that was designed and developed by NSO Group, an Israeli company, for the use of government agencies. It has been programmed to funnel data from a target's device by infecting it. Such data include messages, photos and audio and video recordings.

According to the NSO Group, the software cannot be traced to the government agency utilizing it. This is an impressive but scary feature for covert operations.

It appears that the Israeli company creates products that allow the government to spy on its citizens. On its website, NSO Group notes that it "creates technology that helps government agencies prevent and investigate terrorism and crime to save thousands of lives around the globe."

The Pegasus spyware controversy
The Pegasus spyware controversy AFP / John SAEKI

How to Find out if Your Phone Is Infected by the Pegasus Spyware

It looks like popular antivirus apps and software cannot detect the spyware because it exploits zero-day vulnerabilities, which are unknown to developers of antivirus apps and operating systems.

However, there are several ways for consumers to check if their phones are infected by this malware. For instance, Amnesty International, a human rights organization, has developed a toolkit that allows people to identify the Pegasus spyware in their devices.

Dubbed as the Mobile Verification Toolkit (MVT), this utility works on both Android and iOS devices and is available on Github. The utility acts as a backup copy of the data on the smartphone, scans all the data and checks if the device is infected with malicious malware. It then informs users if the data from their device have been compromised and transmitted to a third party.

iVerify, another security toolkit, has also been upgraded to a new version recently so it would be able to detect traces of the Pegasus spyware.

On Twitter, Trail of Bits Chief and Security Engineer Ryan Storz wrote, "Just released iVerify 20.0, which now tells you if it detects traces of Pegasus."