Pegasus Spyware Infections Proliferate Across iOS, Android Devices
The notorious spyware from Israel's NSO Group has been found targeting journalists, government officials, and corporate executives in multiple variants discovered in a threat scan of 3,500 mobile phones.
December 5, 2024
Researchers have discovered seven new Pegasus spyware infections targeting journalists, government officials, and corporate executives that started several years ago and span both iPhone and Android devices, demonstrating that the range of the notorious spyware may be even greater than once thought.
Researchers from iVerify discovered multiple devices compromised by Israeli company NSO Group's spyware via attacks initiated between 2021 and 2023 that affect Apple iPhone iOS versions 14, 15, and 16.6, as well as Android, they revealed in a blog post published on Dec. 4. The infections were discovered in May during a threat-hunting scan of 3,500 devices from iVerify users who opted in to the checks.
Specifically, the investigation uncovered multiple Pegasus variants in five unique malware types across iOS and Android. The researchers detected forensic artifacts in diagnostic data, shutdown logs, and crash logs found on the devices.
"Our investigation detected 2.5 infected devices per 1,000 scans — a rate significantly higher than any previously published reports," Matthias Frielingsdorf, iVerify co-founder and iOS security researcher, wrote in the post. Each of the infections "represented a device that could have been silently monitored, its data compromised without the owner's knowledge," he wrote.
"The discovery supported our thesis about the prevalence of spyware on mobile devices — it was hiding in plain sight, undetected by traditional endpoint security measures."
Pegasus Spyware Reach Underestimated?
The findings also demonstrate that security researchers, in general, may have underestimated the reach of mobile spyware, particularly Pegasus, Rocky Cole, co-founder and COO of iVerify, tells Dark Reading.
Pegasus, developed by NSO Group — an adversary that iVerify tracks as "Rainbow Ronin" — is a particularly nasty piece of spyware that allows the controller to exploit OS vulnerabilities and leverage zero-click attacks to access and extract whatever they want from an exploited mobile device. Attackers can intercept and transmit messages, emails, media files, passwords, and detailed location information without a user's knowledge or interaction.
To read the complete article, visit Dark Reading.