Amnesty International has created a tool to search for traces of Pegasus spyware on his smartphone. You probably don’t need it, but a check doesn’t hurt.
If the 16 media gathered by Forbidden Stories carried out the political investigation around the “Project Pegasus”, it is a team of the NGO Amnesty International which took care of the technical analysis of the malware. She discovered hundreds of sites used to infect Pegasus targets; detailed some vulnerabilities exploited by spyware; or even exposed how the software escaped the protections of smartphones.
To complete its analysis, Amnesty has published a tool so that everyone can search for the presence of Pegasus on their iPhone or Android smartphone. Soberly named “Mobile Verification Toolkit” (MVT), or “mobile verification tool” in French, it will analyze a backup of the content of your smartphone in search of compromise indicators (or IOCs) discovered by the NGO. If you are not familiar with the term, IOCs are traces left by malware activity. For example, it could be the address of a server used by hackers to retrieve information remotely, or a specific file present only on the malware.
The longer the scan – which lasts just two minutes – uncovers a lot of evidence on the device, the higher the likelihood that the smartphone is indeed infected with Pegasus. Unfortunately, using the tool still requires the use of command lines: nothing too complicated even for beginners, but you will have to follow Amnesty’s advice and install some software.
As TechCrunch notes, since the NGO has published its project in open source, it is not impossible that other developers are responsible for creating an interface so that the tool can be used by anyone, without any skills in computer science.
Do you really need to verify that Pegasus is not on your smartphone?
The “Project Pegasus” has revealed more than 50,000 phone numbers targeted by the spyware, while the number of victims has been estimated to be just over a thousand so far. But, while impressive, this number is nonetheless very low on a global scale. And for good reason: the governments that buy Pegasus spend several million dollars to monitor barely ten devices. Suffice to say that the targeted people are considered to hold high value information, and this is why many known victims of spyware are journalists, activists or people with a major political role.
If you are not a public figure or work on highly sensitive topics, it is extremely unlikely that any person or entity has tried to infect you with Pegasus. If you are dealing with critical topics, verification can be useful. The worst-case scenario is that you’ll just waste a few minutes of your time.