Commercial spyware is increasingly being used against a wider range of victims, with recent findings suggesting that the malware is targeting not just activists but also business leaders and government officials. A mobile device security firm, iVerify, has discovered Pegasus malware in 7 out of 2,500 scans of its customers’ devices.
The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to detect anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying users, the tool regularly checks devices for potential compromise, while free users can use it once a month after generating a diagnostic utility file.
Seven infections were detected in scans submitted by customers, including business leaders and government officials, contradicting the prevailing narrative that mercenary spyware is primarily used to target activists. iVerify’s CEO notes that the targeting profile of the spyware now looks more like that of an average piece of malware than previously thought.
The firm attributes its success in detecting spyware to significant investment and use of telemetry data from close to the kernel, allowing for machine learning models to be tuned for detection. Developing this capability has already helped identify signs of compromise on devices used by a lawyer and Sikh political activist whose phone was targeted in an alleged assassination attempt.
iVerify’s findings suggest that commercial spyware is being widely used around the world, and that having an easy tool for diagnosing spyware compromises is expanding our understanding of its prevalence.
Source: https://www.wired.com/story/iverify-spyware-detection-tool-nso-group-pegasus