What is Pegasus spyware?
Pegasus spyware is a type of zero-click malware developed by the Israeli cyber-arms company NSO Group that can be secretly installed on iOS and Android devices. It allows remote access to personal data, including texts, emails, photos, passwords, app info, and location. It can even activate your microphone and camera, turning your phone into a surveillance tool. Even with anti-spyware tools, Pegasus remains difficult to detect and remove.
Unlike typical spyware, Pegasus can use a “zero-click exploit,” infecting a device without any user interaction. Once installed, Pegasus malware secretly records your login credentials with an undetectable keylogger and sends your personal data to cloud servers.
How does Pegasus hack phones?
Pegasus hacks phones through phishing attacks or by taking advantage of zero-day vulnerabilities — unknown security flaws in operating systems — to gain access to iOS and Android devices.
Here’s how Pegasus can hack phones:
-
Zero-click exploits: Pegasus spyware can use zero-click exploits to infect a device without any action from the target. These exploits can be delivered through phone calls (that don’t even need to be answered), push notifications, or SMS messages that trigger hidden exploits.
-
Phishing exploits: Earlier forms of the Pegasus phone hack used traditional phishing attacks, where attackers sent a text or email with a malicious link that installed Pegasus if clicked. While phishing remains a tactic, it’s complemented by more advanced techniques.
Keeping your operating system updated can help stop exploits by addressing system vulnerabilities. Apple directly controls updates for iOS devices, so iPhones are typically updated consistently. While Android also releases regular updates, older devices or lower-end models sometimes miss out on the latest security patches. Learn why your Android phone might not be getting updates.
How to detect and remove Pegasus spyware
Without digital forensics, detecting Pegasus spyware is nearly impossible. The typical signs your phone has been hacked don’t apply to a Pegasus infection. Your best bet is to use the Mobile Verification Toolkit (MVT). Developed by Amnesty International, MVT analyzes the device logs, backups, and system files of Android and iPhone devices for traces of compromise.
Here’s how to detect and remove Pegasus spyware on Android and iPhone:
Remove Pegasus from an Android phone
MVT can help detect Pegasus spyware on Android devices, but it requires considerable technical expertise, as users will need to know the basics of forensic analysis and using command-line tools. If you suspect your Android has Pegasus on it, your best bet may be to consult a professional investigator.
MVT can extract installed Android packages, running processes, SMS messages, and other information, helping investigators identify signs of compromise.
Because Android stores little diagnostic data, it’s more challenging to detect Pegasus on Android than iOS devices — but MVT is a valuable tool and a great starting point. Just remember: Pegasus isn’t the only threat out there, so learn how to remove phone viruses and other spyware from your Android device.
Remove Pegasus from iPhones
Restarting your iPhone may temporarily stop some forms of Pegasus, but MVT provides a more comprehensive solution. You can use MVT on your iPhone to analyze a full filesystem dump, which includes system files, user data, app data, and hidden files. But this requires you to jailbreak your iPhone, so proceed with caution.
Also, you can use MVT to generate an iTunes backup. While this option provides a limited number of files stored on your device, it might be enough to detect Pegasus on iPhone — and you don’t need to jailbreak your phone. Keep in mind that Pegasus is super-advanced spyware; removing other iPhone spyware is less tricky. As with Androids, if you suspect your iPhone is infected with Pegasus spyware, you may be best off consulting a professional.
How to protect your device from Pegasus Spyware
In cybersecurity, prevention is key. Although Pegasus spyware is very difficult to detect and remove, there are ways to make infection less likely, or at least avoid sharing too much sensitive information with spies. Knowing the typical Pegasus attack vectors can help you prevent an infection. Here’s how:
-
Keep your device updated: Pegasus exploits security flaws in operating systems. Apple and Google are constantly patching vulnerabilities, so keeping your OS up-to-speed may help you avoid infection. Learn more about Android vs iOS security.
-
Don’t click suspicious links in emails or texts: This is a good general rule of thumb. Some Pegasus still may rely on highly targeted phishing campaigns (aka spear phishing), so don’t get caught by clicking suspicious links.
-
Restart your phone daily: Some forms of Pegasus will not survive a device reboot. Restarting your phone daily may help to temporarily hold off infection.
-
Install an antivirus tool to protect against spyware: While Pegasus is particularly tricky to detect and remove, a malware and virus removal tool could help you spot other threats to your privacy. Consult a professional or use MVT if you suspect your device has been compromised with Pegasus.
-
Use Lockdown mode: To combat sophisticated threats like Pegasus, Apple introduced Lockdown mode (available in iOS 16 or later) to protect against state-sponsored hackers. Once enabled, it reduces the functions of some apps and features to make it harder for threats to exploit vulnerabilities.
-
Be cautious with app permissions: The more permissions you give your apps, the more Pegasus can potentially steal. Using encrypted messaging apps with disappearing messages is one way to give snoops less to steal.
-
Be careful what you share on messaging apps: Pegasus has been known to steal data from widely used communication apps like iMessage, Gmail, Viber, Facebook, WhatsApp, and Telegram. Using trusted alternative secure messaging apps may help curb data theft.
Pegasus spyware controversies
Developed by the Israeli cyber-arms company NSO Group, Pegasus has been at the center of multiple global controversies. While originally marketed as a tool for governments to fight crime and terror, it’s been widely used as a cyberweapon to spy on journalists, activists, political opponents, and even world leaders.
Here are some notable events in the fallout against Pegasus:
-
WhatsApp and Apple sue NSO Group (2019/2021): WhatsApp sued NSO Group, claiming Pegasus spied on 140,000 users via WhatsApp calls. In 2021, Apple also sued NSO, accusing it of hacking iPhones and violating privacy.
-
The Pegasus Project exposes widespread surveillance (2021): This major investigative journalism effort leaked a list of 50,000 potential targets of Pegasus surveillance. The Pegasus Project also revealed that authoritarian regimes had obtained Pegasus to spy on human rights defenders and political opponents, sparking a major international backlash.
-
U.S. government blacklists NSO Group (2021): NSO Group was added to the U.S. Entity List due to its controversial licensing of Pegasus spyware to questionable state actors, designating it as a threat to U.S. national security interests.
-
Pegasus pivots to NATO countries (2022): In response to international pressure, the CEO of the NSO Group stepped down, and the company refocused on selling Pegasus licenses to NATO-aligned countries.
Despite these pressures, Pegasus continues to make headlines. Recently, it was revealed that the Jordanian government used Pegasus to hack the phones of at least 30 noted journalists, lawyers, and activists.
Protect your device against spyware with AVG
While Pegasus spyware is particularly nasty, if you’re not a noted journalist or politically exposed person, you’re not likely to be targeted. However, there are plenty of other malware threats, including more common types of spyware. AVG AntiVirus Free provides on-the-go protection against threats, keeping your personal data safer from hackers and snoops. Boost your defense against cyberthreats with AVG for free today.
