What is PEGASUS

Many of us are aware of the exponential rise in cyberattacks over the past few  years. In the field of cyber attack, the Pegasus Spyware is a hot problem nowadays. It has been termed “the most sophisticated” smartphone attack ever. Some have even referred to it as the “ultimate spyware.”

Some Background Story

The NSO Group, an Israeli cyber arms company, developed the Pegasus Spyware, a malicious program (also known as malware), to fight crime and terrorism around the world. Despite being recently identified, Pegasus Spyware’s first known use dates back to 2013 in the UAE. Since then, it is said to have impacted numerous nations, including Israel, the USA, Mexico, and India. More than 45 nations around the world have been impacted in total.

Facebook had early 2019 suspicions that Pegasus was intercepting some WhatsApp chats in the context of India.

The Pegasus Spyware unexpectedly became well-known in July 2021 when an Amnesty International investigation revealed that it was being used to get unauthorized access to people’s personal information.

In essence, it feels like someone has been secretly listening to all of your discussions for a long time. The worst part is that, unless your phone is examined by a digital security lab, you could never even know that Pegasus Spyware has infected it!

PEGASUS Targeted App

Pegasus provides complete control over the smartphone, including the ability to secretly read correspondence, wiretap phone conversations, view photos and videos, and so on.

According to Amnesty’s report, systems on iPhones between iOS 7 and iOS 14.6 are particularly vulnerable due to their compatibility with the NSO group’s technology system. Pegasus, on the other hand, will be unable to affect a gadget that is not compatible with the NSO system.

MVT: Mobile Verification Toolkit

MVT allows to identify PEGASUS, developed by the human rights organization Amnesty International.

• Source code is available on GitHub (Open source)- https://github.com/mvt-project/mvt
• Compatible with Android and iOS
•  No readymade solution for quick installation of the application. The details can be found in  https://docs.mvt.re/en/latest/install/

Working Procedure

MVT relies on running forensic scans that look for “Indicators Of Compromise” or IOCs. These IOCs are basically signs that are believed to exist on every Pegasus-infected device, ie. a domain address of the NSO Group, in its operations. In infected phones, this domain name might reside inside an SMS or an e-mail.

Before looking for signs of a Pegasus threat, The MVT lets us create a backup of  device data. The toolkit will run scans against the IOC data and highlight any suspicious presence in the output folder.

MVT for Android

Currently MVT allows to perform two different checks on an Android phone:

• Download APKs installed in order to analyze them
• Extract Android backup in order to look for suspicious SMS

MVT for iOS

Currently MVT allows to perform two different checks on an iPhone:

• Filesystem Dump
• iTunes Backup