Government surveillance has been a hot topic for years. Some hardcore conspiracy theorists have even ditched smartphones entirely for tactile alternatives. There’s some truth to these fears. However, a more immediate threat comes from mercenary iOS malware like the notorious Pegasus Spyware. It’s a politically driven attack that can record calls, access encrypted messages, and even activate your microphone remotely. Worse, the data collected ends up with terrorist groups.
You don’t have to be a high-profile target to take cybersecurity seriously. Whether you’re concerned about Pegasus or just want to lock down your device, here’s how to check for spyware.
What Is Pegasus Spyware?
Pegasus is sophisticated spyware developed by the Israeli company NSO Group. Designed for covert surveillance, it can infiltrate iOS and Android devices and access the personal information on them, often without any glaring warning signs. It’s classified as “mercenary spyware” for its devious, espionage-esque nature.
Here’s how Pegasus Spyware steals data from victims:
- Access Communications: Read text messages, emails, and messages from apps like WhatsApp and Telegram.
- Monitor Calls: Track and record phone calls.
- Collect Data: Harvest passwords, contact lists, calendar events, and browsing history.
- Track Location: Monitor real-time GPS locations.
- Control Hardware: Activate the device’s microphone and camera without user knowledge.
Can You Detect Pegasus Spyware?
Pegasus Spyware’s advanced evasion techniques make it hard to detect. Unlike common malware, it doesn’t typically manifest through obvious signs like pop-ups or performance issues. The spyware simply focuses on pulling private information.
To protect users, Apple implemented threat notifications that inform people who may have been targeted by state-sponsored spyware. However, they’re not foolproof. It’s important to watch out for red flags yourself, especially if you’re a likely target.
How To Remove the Pegasus Spyware on iPhone
Here’s what to do if you suspect that you’re targeted by mercenary spyware:
1. Use Amnesty International’s Mobile Verification Toolkit (MVT)
Time needed: 10 minutes
Pegasus doesn’t leave obvious traces, but forensic tools like MVT can scan your iPhone for indicators of compromise (IOCs). This open-source tool checks logs for suspicious processes linked to Pegasus infections.
- Open Terminal.
- Install Homebrew on your Mac (if not installed) by running:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
- Install Python and required dependencies:
brew install python3 libusb
- Download and install MVT:
pip3 install mvt
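- Extract logs from an encrypted backup of your iPhone (MVT reads a Finder or iTunes backup, not the device directly):
mvt-ios decrypt-backup -p YOUR_BACKUP_PASSWORD -d /path/to/extracted_logs /path/to/backup
- Scan logs for Pegasus indicators, passing a STIX2 indicator file with --iocs:
mvt-ios check-backup --iocs /path/to/pegasus.stix2 --output /path/to/output /path/to/extracted_logs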
- Review flagged logs and compare them to known Pegasus IOCs from Amnesty International’s database.
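The comparison in the last step, as an added example (not MVT's own code and not from the original article): a Python sketch of how STIX2 indicators are matched against extracted records, including the subdomain and look-alike cases. The bundle, the domain, the process name and the record layout are all constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed STIX2 bundle; the domain and process name are made up.
SAMPLE_STIX = json.dumps({"type": "bundle", "objects": [
    {"type": "malware", "name": "Sample"},
    {"type": "indicator", "pattern": "[domain-name:value='c2-sample.example']"},
    {"type": "indicator", "pattern": "[process:name='fakedaemond']"},
]})
# Constructed records; the 'url'/'process' layout is hypothetical.
SAMPLE_RECORDS = [
    {"url": "https://cdn.c2-sample.example/x"},               # subdomain of an IOC
    {"url": "https://notc2-sample.example/"},                 # look-alike, no match
    {"url": "https://safe.example/?next=c2-sample.example"},  # IOC only in query
    {"process": "fakedaemond"},
    {"process": "benignd"},
]
PATTERN = re.compile(r"^\[(domain-name:value|process:name)\s*=\s*'([^']+)'\]$")

def load_iocs(stix_text):
    """Collect domain and process indicators from a STIX2 bundle."""
    iocs = {"domain-name:value": set(), "process:name": set()}
    for obj in json.loads(stix_text).get("objects", []):
        m = PATTERN.match(obj.get("pattern", ""))  # other pattern kinds are skipped
        if obj.get("type") == "indicator" and m:
            kind, value = m.groups()
            iocs[kind].add(value.lower() if kind == "domain-name:value" else value)
    return iocs

def domain_hit(url, domains):
    """Return the IOC matching the host or one of its parent domains."""
    host = (urlsplit(url if "//" in url else "//" + url).hostname or "").rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in domains:
            return ".".join(labels[i:])
    return None

def scan(records, iocs):
    """Return (record index, kind, matched indicator) for every hit."""
    hits = []
    for n, rec in enumerate(records):
        matched = domain_hit(rec.get("url", ""), iocs["domain-name:value"])
        if matched:
            hits.append((n, "domain", matched))
        if rec.get("process") in iocs["process:name"]:
            hits.append((n, "process", rec["process"]))
    return hits
```

Matching on whole domain labels rather than substrings is what keeps the look-alike host and the query-string mention from being flagged.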
2. Remove Potential Spyware Profiles and Certificates
Some Pegasus variants install hidden Mobile Device Management (MDM) profiles to maintain persistence on a compromised device.
- Go to Settings > General > VPN & Device Management.
- Look for any unknown profiles or certificates.
- If found, tap Remove Profile and restart your iPhone.
3. Turn Off iMessage and FaceTime
Pegasus is known to exploit zero-click vulnerabilities in iMessage and FaceTime, so disabling them should reduce the risk of reinfection.
- Open Settings > Messages and toggle off iMessage.
- Go back to Settings > FaceTime and disable it.
4. Use Lockdown Mode (iOS 16 and Later)
Lockdown Mode is an advanced security feature designed for high-risk individuals who are more likely to be targeted by state-sponsored spyware, such as journalists, activists, and government officials. It restricts certain device functions to minimize potential attack vectors.
- Open Settings on your iPhone.
- Go to Privacy & Security and scroll down to Lockdown Mode.
- Tap Turn On Lockdown Mode, then confirm and restart your device.
5. Factory Reset and Reinstall iOS
Consider performing a factory reset as a last resort. If you still can’t trace the source of the spyware, just wipe your data altogether. It’s a drastic but potentially effective approach.
- Go to Settings > General and scroll down to Transfer or Reset iPhone.
- Select Erase All Content and Settings.
- Tap Continue and input your iPhone passcode to confirm the reset.
Even after following all the above troubleshooting steps, report potential spyware threats to security experts (e.g., Access Now and Consumer Reports Security Planner). Don’t underestimate Pegasus Spyware. It can operate undetected, collect private data, and compromise encrypted messages. If you’re targeted, your personal information may already be in the hands of government agencies, mercenary hackers, or even cybercriminal groups.