Has Pegasus spyware targeted your phone too? This special tool will find out; works like this

Israel-based NSO Group’s Pegasus spyware reportedly helped governments hack the phones of thousands of activists, journalists and politicians in countries including India. An international consortium of news outlets has provided some information about the targets in the past few days. However, the full scope of targeted attacks carried out through Pegasus has not yet been determined. Meanwhile, researchers at Amnesty International have developed a tool that lets you see if your phone has been targeted by the spyware.

Easy to locate on iPhone handset

The name of this tool is Mobile Verification Toolkit (MVT), which is meant to help you identify if Pegasus spyware has targeted your phone. It works with both Android and iOS devices, although the researchers noted that because more forensic traces are available on Apple hardware, it is easier to trace on iPhone handsets than on Android devices. “In Amnesty International’s experience, there are significantly more forensic traces available to investigators on Apple iOS devices than stock Android devices, so our methodology is focused on Apple’s iOS devices,” the NGO said in its research.

User has to do this work

Users need to generate a backup of their data to let MVT decrypt locally stored files on their phones to view Pegasus indicators. However, in the case of the iPhone, a full file system dump can also be used for analysis. In its current stage, MVT requires some command line knowledge. However, it may acquire a graphical user interface (GUI) over time. The tool’s code is also open source and is available through GitHub along with its detailed documentation.

Tool works like this

Once a backup is created, MVT uses known indicators such as domain names and binaries to look for traces related to NSO’s Pegasus. The tool is also capable of decrypting iOS backups if they are encrypted. Furthermore, it extracts installed apps and diagnostic information from Android devices to analyze the data for any possible compromise.

MVT requires at least Python 3.6 to run on the system. If you’re on a Mac machine, it needs to have Xcode and Homebrew installed as well. If you want to view forensic traces on an Android device, you’ll also need to have dependencies installed. After installation of MVT on your system, you need to feed in Amnesty’s indicators of compromise (IoCs), which are available on GitHub.

As reported by TechCrunch, there may be instances in which the tool flags a potential compromise that could be a false positive, and the indicator may need to be removed from the available IoCs. However, you can read the organization’s forensic methodology report to examine known indicators and look for them in your backup.

Paris-based journalism nonprofit Forbidden Stories, in collaboration with Amnesty International, shared a list of more than 50,000 phone numbers with news outlet consortium Pegasus Project. Out of the total number, journalists were able to find over a thousand individuals in 50 countries who were allegedly targeted by Pegasus spyware. The list of targets included journalists working for organizations including The Associated Press, Reuters, CNN, The Wall Street Journal and India’s The Wire. Some political figures including Indian National Congress’s Rahul Gandhi and political strategist Prashant Kishor were also recently claimed to be part of the target list.
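The indicator lookup described under "Tool works like this", where data extracted from a backup is checked against known domain names and binaries, can be sketched as follows. This is an added example, not MVT's own code: the indicator values, the record layout and the function names are constructed placeholders, and the whole-label suffix match shows one way to avoid the kind of false positive mentioned above.

```python
from urllib.parse import urlsplit

# Constructed indicators (placeholders, not real Pegasus IoCs).
DOMAIN_IOCS = {"bad-infra.example", "cdn.tracker.example"}
PROCESS_IOCS = {"fakedaemond"}

def host_of(url):
    """Return the lowercased hostname of a URL, or None if it has none."""
    try:
        host = urlsplit(url.strip()).hostname
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    return host.rstrip(".").lower() if host else None

def match_domain(url, iocs=DOMAIN_IOCS):
    """Return the indicator a URL's host equals or is a subdomain of."""
    # A missing host yields [''], which can never match an indicator.
    labels = (host_of(url) or "").split(".")
    # Compare whole-label suffixes so 'notbad-infra.example' does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan(records):
    """records: dicts with 'source' and either 'url' or 'process'."""
    hits = []
    for rec in records:
        if "url" in rec:
            ioc = match_domain(rec["url"])
        else:
            name = rec.get("process", "").lower()
            ioc = name if name in PROCESS_IOCS else None
        if ioc:
            hits.append((rec["source"], ioc))
    return hits

# Constructed records standing in for data extracted from a backup.
SAMPLE = [
    {"source": "browser_history", "url": "https://a1.bad-infra.example:8443/x?id=1"},
    {"source": "browser_history", "url": "https://notbad-infra.example/"},
    {"source": "browser_history", "url": "HTTPS://CDN.Tracker.Example./p"},
    {"source": "process_list", "process": "FakeDaemond"},
    {"source": "process_list", "process": "benignd"},
]

if __name__ == "__main__":
    for source, ioc in scan(SAMPLE):
        print(f"{source}: matched indicator {ioc}")
```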

[Attribution to NBT]
