What Is Pegasus Spyware? Is It a Threat to My Privacy in 2024?

Kate Davidson Chief Editor
Updated on: May 15, 2024
Fact Checked by Hazel Shaw

Pegasus is a highly sophisticated family of spyware that infects Android and iOS phones. It uses hidden weaknesses to install itself without any user action, making it very dangerous. Once installed, it collects private data like messages, calls, the user’s location, passwords, and much more, while remaining virtually undetectable.

The spyware is typically used by government agencies to target high-profile individuals such as journalists, activists, political figures, criminals, and terrorists, mostly for surveillance purposes. However, it’s still important to remain cautious, even as an everyday citizen.

Pegasus is particularly dangerous because regular antivirus software can’t detect or remove it. It uses complex methods to hide and can update itself to exploit new security weaknesses, staying ahead of security updates. Its stealthy nature and adaptability make it a persistent threat that only highly sophisticated tools are capable of removing.

Threat name: Pegasus spyware
Threat type: Spyware
Devices affected: iOS, Android
Sources: NSO Group
Symptoms: Increased data usage, unexpected behavior in apps, battery drain, overheating, suspicious text messages
Damage: Privacy breach, data theft, unauthorized access to personal communications, location tracking, potential financial losses

What Is the NSO Group?

NSO Group is an Israeli technology company known for developing spyware and other surveillance tools. NSO Group asserts that its products are intended to help governments and law enforcement agencies combat terrorism and crime.

However, the company has faced substantial criticism and legal challenges. Its spyware has been used by various governments to conduct surveillance on journalists, activists, and political opponents, raising serious human rights and privacy concerns. This has sparked a debate on the regulation of such surveillance technologies.

NSO Group has also been involved in legal battles, including a high-profile case with WhatsApp where it was accused of using its spyware to infiltrate users’ phones to collect data. Despite its defense that it serves states’ security needs and operates under strict licensing and oversight by Israeli authorities, these incidents have led to sanctions and tarnished NSO Group’s reputation.

What Is Pegasus Spyware?

Pegasus spyware collects a broad range of personal data from targets’ phones, with versions that affect both iOS and Android devices. The primary function of Pegasus seems to be intercepting and collecting data from affected phones. Worryingly, it can be installed covertly without requiring the victim to take any action.

Circulating since 2011, Pegasus is capable of extracting various types of data, controlling a phone’s microphone and camera, and transmitting that information to those responsible for infecting the device. Pegasus has been used for surveillance and intelligence gathering by government agencies and law enforcement worldwide.

In addition to criminals, it has been used against journalists, activists, and political figures, raising significant concerns about privacy and political rights. NSO Group has licensed Pegasus to groups around the world — there is no public list of clients and therefore no way of knowing who might be targeted.

What Can Pegasus Spyware Do?

Pegasus is a highly sophisticated piece of malware that can infiltrate iOS and Android devices. Once installed, it gains extensive permissions on the device, allowing it to track the location, read SMS messages, emails, and even encrypted data from apps like WhatsApp and Telegram.

The spyware can also access phone call logs, contact details, and even secretly activate microphones and cameras to record without the user’s knowledge. It can collect passwords, browser histories, and details about which networks victims connect to.

Pegasus can do all of this without any action on the part of the target. The infection process is highly stealthy, often leaving no trace on the device that would alert the user to the spyware’s presence.

In short, Pegasus is a spy’s dream, an all-encompassing and virtually undetectable digital surveillance tool. Authorities can and do use data hoovered up by Pegasus to threaten, blackmail, and prosecute targets.

How Does Pegasus Infect a Device?

Groups with access to Pegasus employ a variety of methods to infect devices, with the most sophisticated being zero-click exploits. These exploits do not require the target to click a link, download an app, or take any action. With knowledge of such exploits, organizations using Pegasus need only the most basic information about a phone to deliver the spyware payload.

For example, Indian journalists Anand Mangnale and Siddharth Varadarajan were targeted in the summer of 2023. Messages sent over iMessage to these journalists were used to deploy Pegasus without requiring any action on their part.

Attackers also use less sophisticated methods which do require targets to click a link or download a file. Human rights activist Ahmed Mansoor was targeted through a malicious SMS link that would have utilized a zero-day exploit chain to install Pegasus had he clicked on it. Instead, he sent the messages to the Canadian digital espionage research group Citizen Lab at the University of Toronto for further investigation.

There are many other ways Pegasus can be deployed. Social engineering tactics can be used to trick a target into performing actions that facilitate the infection. This might include phishing attacks where users are misled into opening an infected file — including files from seemingly innocuous apps like Gallery and Apple Music.

Remember that Pegasus is very advanced and has deep ties to intelligence agencies. It’s likely that devices can become infected in many other ways, most of which will remain unknown to the public.

Who Does Pegasus Spyware Target?

Pegasus spyware is known for targeting a wide range of high-profile individuals across different sectors. Examples include journalists, activists, political figures, suspected terrorists, and many others. Anyone who is perceived as a potential threat to their government (or any government, really) is a potential target.

Even those merely associated with persons of interest are at risk. Family members of journalist and Saudi dissident Jamal Khashoggi had their phones monitored before and after his murder in 2018, for example.

Pegasus has frequently been used to suppress dissent and manage public narratives, so journalists and politicians are common targets. This is true even in Europe, with Hungarian journalists such as Szabolcs Panyi reported to have been surveilled by Pegasus.

The scope of Pegasus’s reach is global, with potential targets identified in 45 countries. These targets include not only journalists and political figures, but also activists and other individuals who are perceived as a threat.

More in line with NSO Group’s supposed intentions, Pegasus is also used by law enforcement to combat crime and terrorism. The Mexican government uses Pegasus extensively in its fight against armed drug cartels. It says that the software played a role in the 2016 capture of drug lord Joaquín “El Chapo” Guzmán. Authorities in various countries have also claimed the software has been used to thwart terrorist attacks.

These examples illustrate that Pegasus affects a wide range of people. Despite being marketed as a tool for combating crime and terrorism, it is often used in ways that undermine personal freedoms and disrupt democratic processes.

How to Detect & Remove Pegasus Spyware From Your Device

Detecting Pegasus is fiendishly difficult and removing it is no easier. Standard antivirus software can’t detect or remove it due to its sophisticated nature. Doing so requires complex software that doesn’t include very good instructions and isn’t ready to use out of the box.

That said, if you believe your device has been infected with Pegasus, it’s important to take it to a cyber security expert. They might be able to help you remove the infection and restore your device back to its factory default condition.

If you believe you’ve been unjustly targeted for political reasons, consider contacting an organization like Amnesty International or Human Rights Watch. Amnesty’s Security Lab has released a tool called the Mobile Verification Toolkit (MVT). It isn’t exactly easy to use, but with enough research and technical knowledge you can test your device for Pegasus without outside assistance.

There is a simpler option, but it’s by no means guaranteed to rid your device of Pegasus: perform a factory reset on your phone. There’s reason to believe that this will remove Pegasus in most cases, but keep in mind that depending on how and why you were infected in the first place, it won’t necessarily stop whoever is targeting you from redeploying the spyware once they notice it’s been removed.

In most cases, I’d recommend that you back up your data before performing a factory reset. But if Pegasus is involved, restoring from a backup could put you at risk of re-infection via infected files or apps. Resetting without a backup means that your photos, videos, music, and any other files will be permanently gone — and there’s sadly no way to avoid this.

Here’s how you can reset an Android phone (instructions for iOS devices can be found below):

How to Perform a Factory Reset on Android

  1. Open your phone’s main settings. Click the magnification icon to open the search bar, then type “reset” in the search field.
  2. When it appears, tap Factory data reset. Then, scroll down, and again tap Factory data reset.
  3. Acknowledge the risks (data loss), and tap Reset to begin the process. Follow the on-screen instructions to complete the procedure.

How to Perform a Factory Reset on iOS

  1. Go to your iPhone’s settings.
  2. Tap General.
  3. Tap Transfer or Reset iPhone.
  4. Tap Erase All Contents and Settings and complete the on-screen instructions.

How to Avoid Being Infected With Spyware

Pegasus spyware is very advanced and capable of infecting devices without any user interaction. That makes it very hard to avoid. Remember that the average person is unlikely to be targeted by Pegasus, as it’s generally only deployed against a limited group of people (like political dissidents, journalists, and high-level criminals).

However, everyone should still take precautions to prevent spyware infections in general. There’s tons of spyware out there that targets everyday people for data-harvesting purposes or with the aim of financial fraud.

Here are some simple steps you can take to protect yourself from spyware:

  • Use a mobile antivirus app: Install and regularly update reputable mobile antivirus software for your Android or iOS device to detect and prevent malicious activities. Norton Mobile Security, for example, is excellent at detecting and removing spyware on both Android and iOS.
  • Keep your OS updated: Regularly update your device’s operating system and apps to patch security vulnerabilities that could be exploited by spyware.
  • Avoid suspicious links: Be cautious about clicking links, especially those received in unsolicited emails or messages.
  • Use a VPN: A Virtual Private Network (VPN) can encrypt your internet connection, making it harder for attackers to intercept or tamper with your data. I particularly like ExpressVPN because it has super-fast speeds and top-notch privacy and security features.
  • Employ strong passwords: Use strong, unique passwords for different accounts. Consider using a good password manager like 1Password to generate and store complex passwords.
  • Enable two-factor authentication (2FA): Where possible, enable two-factor authentication for an added layer of security beyond just a password. This is particularly important for online banking and any other sensitive accounts.

Editors' Note: ExpressVPN and this site are in the same ownership group.

Is Pegasus Spyware a Threat in 2024?

Yes, Pegasus spyware remains a significant concern. For example, an April 2024 report highlighted that almost 600 individuals were targeted with Pegasus under the former Polish government, illustrating the persistent misuse of this technology in political surveillance.

Meta and Apple are also taking NSO Group to court because Pegasus hacked into WhatsApp and affected about 1,400 users. These lawsuits, alongside investigations in Poland and elsewhere, point to a significant pushback against the deployment of Pegasus.

That said, it’s clear that Pegasus is by no means a thing of the past. In April of 2024, Amnesty International reported that the spyware had recently been sold to the governments of Jordan and Togo. Since NSO keeps its client list secret and continues to develop new spying tools, it’s hard to know who’s using this spyware and what they’re doing with it.

The unfortunate reality is that Pegasus is still out there in 2024, hoovering up sensitive data on a significant number of individuals. Because it is such an advanced threat to privacy, there sadly isn’t much any one person can proactively do to stay safe. Luckily, other forms of spyware, which can be just as intrusive if not quite as stealthy as Pegasus, can be defended against, namely by using an antivirus.

Frequently Asked Questions

What are the dangers of Pegasus spyware?

Pegasus spyware represents a critical threat to the privacy and security of high-profile individuals. It gives unauthorized actors almost unrestricted access to any personal data accessed on a target’s phone. This includes real-time and historical location tracking, access to camera and microphone feeds, text messages, emails, and much else besides.

What’s more, the information gathered through Pegasus can be used for coercion, blackmail, or public shaming. In political contexts, it can disrupt the normal functioning of democratic processes by targeting politicians, activists, and journalists, thereby chilling free speech and undermining political opposition. Fortunately, most people who aren’t high-profile individuals aren’t at risk.

How does Pegasus get on your phone?

Pegasus spyware typically infects devices through zero-click exploits, which require no interaction from the device owner. These exploits take advantage of undisclosed vulnerabilities in widely used applications and systems, such as iOS’s Mail or iMessage services and Android’s core functions.

The sophistication of these methods means that defending against them is challenging, as they often exploit vulnerabilities that have not yet been discovered or patched by software developers. This form of attack underscores the advanced capabilities of Pegasus, making it one of the most formidable pieces of spyware of all time.

Can you remove Pegasus from your phone?

Removing Pegasus from an infected device can be extremely challenging and usually requires technical expertise. The simplest way to ensure the removal of Pegasus is to perform a factory reset. This will erase all data from the device and reinstall the operating system. And even that’s no guarantee that you’ll stay safe from the spyware.

Therefore, for complete security, affected individuals should seek assistance from cybersecurity professionals who can thoroughly address and remove the Pegasus infection.

What software can detect Pegasus?

The Mobile Verification Toolkit (MVT) is a primary tool designed to detect Pegasus and other sophisticated spyware. Developed by Amnesty International, MVT can analyze both Android and iOS devices for signs of compromise. It checks for known indicators of compromise (IOCs) within system logs, backup files, and more.

MVT is not a consumer tool and requires some technical ability to use effectively. However, it’s a powerful open-source tool and is continuously updated by a community of security researchers.
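How an indicator check of the kind described above works, as an added example that is not from the original article and is not MVT's own code. It assumes indicators written as simple STIX 2 equality patterns, and every indicator value, record and function name is constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX 2-style bundle; indicator values are placeholders, not real IOCs.
BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
    {"type": "indicator", "pattern": "[process:name = 'fakesvcd']"},
    {"type": "malware", "name": "placeholder"},
]})

# Constructed records standing in for rows extracted from a backup or log.
RECORDS = [
    {"source": "browser_history", "url": "https://news.example.org/story"},
    {"source": "browser_history", "url": "https://a1.bad-cdn.example:8443/x?id=7"},
    {"source": "browser_history", "url": "https://notbad-cdn.example/"},
    {"source": "process_log", "process": "fakesvcd"},
    {"source": "process_log", "process": "mediaserverd"},
]

PATTERN = re.compile(r"\[\s*(domain-name:value|process:name)\s*=\s*'([^']+)'\s*\]")

def load_indicators(bundle_text):
    """Return {'domains': set, 'processes': set} from simple equality patterns."""
    iocs = {"domains": set(), "processes": set()}
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue
        m = PATTERN.fullmatch(obj.get("pattern", "").strip())
        if not m:
            continue  # compound patterns are out of scope for this sketch
        key = "domains" if m.group(1).startswith("domain") else "processes"
        iocs[key].add(m.group(2).lower())
    return iocs

def domain_hit(host, domains):
    """Match the host itself or any parent domain, on label boundaries only."""
    labels = host.lower().rstrip(".").split(".")
    return next((".".join(labels[i:]) for i in range(len(labels))
                 if ".".join(labels[i:]) in domains), None)

def scan(records, iocs):
    """Return (record, matched_indicator) pairs for every hit."""
    hits = []
    for rec in records:
        if "url" in rec:
            host = urlsplit(rec["url"]).hostname or ""
            match = domain_hit(host, iocs["domains"])
        else:
            proc = rec.get("process", "")
            match = proc if proc.lower() in iocs["processes"] else None
        if match:
            hits.append((rec, match))
    return hits

if __name__ == "__main__":
    for rec, ioc in scan(RECORDS, load_indicators(BUNDLE)):
        print(f"{rec['source']}: matched {ioc}")
```

An empty result only means that none of the loaded indicators appeared in the records examined.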

How do you know if you have Pegasus spyware?

Detecting Pegasus spyware on your device can be exceptionally challenging due to its stealthy design. Signs might include unusual battery drain, increased data usage, or strange behavior in phone functionalities, although these indicators can be subtle.

Tools like the Mobile Verification Toolkit (MVT) are specifically developed for detecting such advanced threats by scanning device backups for known indicators of compromise. Unsurprisingly, given the complexity of Pegasus, such tools require technical knowledge to operate effectively. This underscores the need for professional cybersecurity intervention if you suspect a Pegasus infection.

Can I check my phone for Pegasus?

Yes, you can check your phone for traces of Pegasus using the Mobile Verification Toolkit (MVT). This tool is designed to scan for signs of Pegasus and other spyware on both Android and iOS devices. It analyzes backup files and system logs for known indicators of compromise.

However, using MVT requires some technical skills and access to a command-line interface. For those not comfortable with technical tools, consulting with a cybersecurity professional is advisable. Regular updates and cautious online behavior are also critical in preventing such spyware infections.

About the Author

Kate Davidson is a Chief Editor at SafetyDetectives. She has many years of experience as a journalist and communications professional, and has worked for media organizations, government agencies, and NGOs in multiple countries. Kate has always had a deep interest in cybersecurity, which has — together with her passion for crafting quality content — allowed her to bring complex topics about antiviruses, password managers, VPNs, and overall online security closer to our readers. In her spare time, Kate enjoys spending time with her family, cooking Italian food, and doing yoga by the sea.
