In the past few years, commercial spyware such as the Israeli NSO Group’s Pegasus has been used against high-profile victims, including businessmen, journalists and politicians, with most civilians immune to such targeted attacks. However, a new report by security research firm iVerify suggests that spyware like Pegasus is not so rare and can also infect devices owned by the average person.
Earlier this year, iVerify launched a new feature called “Mobile Threat Hunting” for its existing customers. This feature helped detect the infamous spyware Pegasus. The company says that in its initial research, which featured 2,500 devices from its user base, it discovered “seven Pegasus infections — a number that may seem small, but represents a huge red flag in the world of mobile security.”
To give you a quick recap, Pegasus allows threat actors to gain access to critical information such as messages, emails, photos and call logs. Since the spyware infects Android and iOS devices without any user input and uses advanced methods to hide itself, it is very difficult to detect the infection using traditional methods.
It should also be noted that the scanned devices were not hit by Pegasus recently. iVerify claims that when it analyzed these infected devices, it “revealed a complex timeline of compromise”, with some exploits spanning from 2021 to the end of 2023. The security firm also found that Pegasus infected 2.5 devices per 1,000 scans. While the sample does not represent iVerify’s entire user base, the rate is still higher than previous reports have suggested.
iVerify says its mobile threat hunting feature uses a combination of technologies such as signature-based detection, machine learning and heuristics to look for any signs of infection. The company says that paying customers can perform regular scans for potential infections, but it also has a free version for users who download the iVerify Basics app for $1. However, it is limited to one scan per month for free users.