How to detect Pegasus spyware on Android and iOS
Pegasus is spyware developed by the Israeli cyberarms firm NSO Group. Target phones can be infected by a simple WhatsApp call.
A tool to detect if Pegasus is installed on your phone
Amnesty International has developed the Mobile Verification Toolkit, MVT for short. MVT can be installed with Python, as you will see below, and it works for both Android and iOS.
MVT will scan your iPhone or Android backup to find out if your phone is compromised.
TL;DR;
I’ve written a little program to make this easier; it can be found here.
Installing MVT
Whether you are using Android or iOS, you will need MVT.
Open the Terminal and run
$ pip3 install mvt --user
The --user flag prevents any permission issues.
Android procedure with device
Enable developer mode
MVT uses ADB to read device information, so you will need to enable developer mode:
- go to Settings
- find About this phone
- locate “Build number” and tap it multiple times
Then head to Settings and locate Developer options
Scroll to USB debugging and enable it
Running the analysis
If you are an Android developer, make sure Android Studio is closed.
Open the Terminal and run
$ ~/Library/Python/3.8/bin/mvt-android check-adb
Hopefully your device is clean, good luck!
Android procedure with backup
Install ADB for backup
ADB stands for Android Debug Bridge. It is a tool for controlling Android phones and is mostly used by developers.
You can install ADB as follows: head to the Android SDK site and download the platform tools. Make sure you download them into the “Downloads” folder so the rest of this tutorial works as written. Then unzip the file and locate the platform-tools folder.
Backing up your Android device
Connect your Android phone to your computer and create a backup as follows:
$ ~/Downloads/platform-tools/adb backup -all
WARNING: adb backup is deprecated and may be removed in a future release
Now unlock your device and confirm the backup operation...
Choose Back up my data
This will produce a backup.ab file.
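Before handing backup.ab to MVT, it helps to confirm that the file is a well-formed Android backup, whether it is encrypted, and what it contains. The following is an added example, not part of the original post or of MVT; it assumes the standard `adb backup` header layout (magic line, format version, compression flag, encryption name), and `inspect_ab`, `make_sample_ab` and the sample archive are constructed for illustration.

```python
import io
import tarfile
import zlib

MAGIC = b"ANDROID BACKUP"

def inspect_ab(data: bytes) -> dict:
    """Parse an `adb backup` header; list tar entries when the payload is unencrypted."""
    # Header is four newline-terminated ASCII lines: magic, version, compression, encryption.
    parts = data.split(b"\n", 4)
    if len(parts) < 5 or parts[0] != MAGIC:
        raise ValueError("not an Android backup (bad or truncated header)")
    version, compressed, encryption = (p.decode("ascii") for p in parts[1:4])
    info = {"version": int(version), "compressed": compressed == "1",
            "encryption": encryption, "entries": None}
    if encryption != "none":
        # Encrypted archives carry key material next; entries cannot be listed without the password.
        return info
    try:
        payload = zlib.decompress(parts[4]) if info["compressed"] else parts[4]
        with tarfile.open(fileobj=io.BytesIO(payload)) as tar:
            info["entries"] = tar.getnames()
    except (zlib.error, tarfile.ReadError) as exc:
        raise ValueError("backup payload is truncated or corrupt") from exc
    return info

def make_sample_ab() -> bytes:
    """Constructed sample: an unencrypted, compressed backup holding one file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        body = b"constructed sample\n"
        member = tarfile.TarInfo("apps/com.example.app/_manifest")
        member.size = len(body)
        tar.addfile(member, io.BytesIO(body))
    return MAGIC + b"\n5\n1\nnone\n" + zlib.compress(buf.getvalue())

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to a real backup.ab
        with open(sys.argv[1], "rb") as f:
            print(inspect_ab(f.read()))
    else:
        print(inspect_ab(make_sample_ab()))
```

A result with `entries` set to `None` means the backup is encrypted; a `ValueError` means the file is not usable as a backup and should be created again.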
Run the analysis on Android backup
Head to the terminal and run MVT on the backup as follows, passing it the backup.ab file created above:
$ ~/Library/Python/3.8/bin/mvt-android check-backup backup.ab
iPhone/iOS procedure
Connect your iPhone to your computer and create a backup:
You can detect if your phone is compromised by following these steps for Mac or Linux
Run the analysis for iPhone/iOS
$ mvt-ios check-backup /Users/YOUR_USERNAME/Library/Application\ Support/MobileSync/Backup/d49de92a50b83....19c394a7