How to detect Pegasus spyware in iOS device

Researchers at Kaspersky discovered that Pegasus infections leave traces in the system log shutdown.log, which is stored within an iOS device's sysdiagnose archive.

In December, Amnesty International alleged that the spyware known as Pegasus continues to be in use and was targeting journalists in India. The not-for-profit claimed that the phones of prominent journalists were infected with the spyware.

Amnesty’s report came months after Apple issued a security notification to certain iPhone users, including opposition leaders in India, about a state-sponsored attempt to compromise their phones. At that time, the iPhone-maker said it was possible that some threat notifications may be false alarms and that some attacks may not be detected.

Now, a lightweight method has been developed by Kaspersky researchers to detect indicators of infection from sophisticated iOS spyware, including Pegasus, Reign, and Predator. The method uses analysis of shutdown.log, a previously unexplored forensic artifact.

Researchers at the cybersecurity company discovered that Pegasus infections leave traces in the system log shutdown.log, which is stored within an iOS device's sysdiagnose archive.

Analysis of system logs in iOS devices by the researchers further revealed that other malware like Reign and Predator follow similar paths to infect mobile devices, and that the logs hold the potential for identifying infections related to these malware families.

Researchers further developed a self-check utility for users that aids in the extraction, analysis and parsing of shutdown logs.

The tool is publicly available on GitHub for macOS, Windows and Linux users, Kaspersky said in a press release.

Spyware like Pegasus often relies on zero-click attacks and zero-day exploits and has no persistence. Users are advised to reboot their devices daily to clean them, which forces attackers to reinfect the device repeatedly. This also increases the chances of detection over time.

Additionally, users should ensure they are using the latest software update provided by OEMs and make use of the enhanced safety modes available on their devices.