Worried that your phone might be compromised by the infamous Pegasus spyware? Here's what you should do, according to Kaspersky.
It has become apparent that even Apple's iPhones are not immune to spyware threats. In response to the growing threat of iOS spyware, cybersecurity firm Kaspersky has developed a relatively simple method for the detection of such infections, including sophisticated strains like the notorious Pegasus.
Pegasus can have more privileges than the phone's own owner, making it no joking matter if this infamous spyware gets installed on someone's device. While an ordinary user may not need to fear the installation of this otherwise expensive surveillance software on their phone, anyone who wants to be certain should consider the advice from the esteemed cybersecurity company, Kaspersky, regarding spyware detection.
Kaspersky's experts have made a notable discovery: they have identified traces of Pegasus infections in the Shutdown.log file of the sysdiagnose archive on iOS devices. This archive records information from every reboot session, so anomalies related to Pegasus malware come to the surface in the log when the infected device is restarted, according to Kaspersky's statement.
The indicators identified included unusual occurrences such as "sticky" processes that prevent restart, which were particularly related to Pegasus. The analysis of the Shutdown.log by the Mobile Verification Toolkit also confirms the infection, making examination of the log file a potentially integral part of investigating iOS malware infections.
Analyzing Pegasus infections within the Shutdown.log, Kaspersky experts detected a common infection path (/private/var/db/), which reflected paths observed in infections caused by other iOS malware, such as Reign and Predator. Researchers believe that this log file could potentially detect infections associated with these families of malicious programs.
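The two indicators described above (processes that hold up a reboot, and binaries running from /private/var/db/) can be checked with a short script. This is an added example, not Kaspersky's tool: the log line layout, the constructed sample entries and the cutoff of more than three delay notices per reboot are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample. The line layout is an assumption about Shutdown.log,
# and the process paths are made up for illustration.
SAMPLE_LOG = """\
After 1.00s, these clients are still here:
\t\tremaining client pid: 74 (/usr/libexec/example_daemon)
SIGTERM: [1700000000] All buffers flushed
After 1.00s, these clients are still here:
\t\tremaining client pid: 301 (/private/var/db/example_staging/agentx)
After 2.01s, these clients are still here:
\t\tremaining client pid: 301 (/private/var/db/example_staging/agentx)
After 3.02s, these clients are still here:
\t\tremaining client pid: 301 (/private/var/db/example_staging/agentx)
After 4.03s, these clients are still here:
\t\tremaining client pid: 301 (/private/var/db/example_staging/agentx)
SIGTERM: [1700086400] All buffers flushed
"""

CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
REBOOT_RE = re.compile(r"SIGTERM: \[(\d+)\]")   # assumed end-of-reboot marker
SUSPECT_PREFIXES = ("/private/var/db/",)        # path named in the article
DELAY_THRESHOLD = 3                             # assumed cutoff for "sticky"

def analyze_shutdown_log(text):
    """Return one finding per (reboot, process path) worth a closer look."""
    findings, counts = [], defaultdict(int)
    def flush(reboot_ts):
        for path, n in sorted(counts.items()):
            reasons = []
            if path.startswith(SUSPECT_PREFIXES):
                reasons.append("suspect path")
            if n > DELAY_THRESHOLD:
                reasons.append("sticky process")
            if reasons:
                findings.append({"reboot": reboot_ts, "path": path,
                                 "delays": n, "reasons": reasons})
        counts.clear()
    for line in text.splitlines():
        client = CLIENT_RE.search(line)
        reboot = REBOOT_RE.search(line)
        if client:
            counts[client.group(2)] += 1   # one more delay notice for this path
        elif reboot:
            flush(int(reboot.group(1)))    # reboot finished: evaluate the session
    flush(None)  # entries after the last marker, e.g. a truncated log
    return findings
```

A finding is a lead for further triage rather than proof of infection, since the path prefix and the threshold are heuristics.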
To simplify the identification of spyware infections, Kaspersky's experts have created a self-assessment tool for users. Utilizing Python3 scripts, this tool enables users to extract and analyze the Shutdown.log artifact. They shared it on GitHub, ensuring accessibility for users of macOS, Windows, and Linux platforms.
Beyond this innovative detection method, Kaspersky's experts also offer practical tips for users to defend against advanced iOS spyware. They particularly recommend daily restarts. This could disrupt zero-click, zero-day exploits, forcing attackers to reinfect the device, thus increasing the chance of detection over time.
Researchers suggest that Apple's newly added Lockdown Mode effectively blocks iOS malware infections. Disabling default services like iMessage and FaceTime reduces the chance of becoming a victim of zero-click chains. Keeping the device up to date by immediately installing available iOS patches helps prevent known vulnerabilities from being exploited.
Users are also advised not to click on links received in messages, minimizing the risk of becoming a target for single-click exploits delivered across various channels. Lastly, regularly check backups and system diagnostics. Processing encrypted backups frequently and diagnosing system archives can aid in the timely detection of malicious programs targeting iOS.