It is extremely unlikely that your phone has been hacked through Pegasus software, from NSO Group, but there's a way to check if he's infected — or at least check for some tell-tale signs of it.

Spyware was used to target human rights activists, lawyers, journalists and politicians and was linked to assaults and murders of dissidents. But the chances of an “anyone user” of an iPhone or Android being affected are very low.


However, for the user who is concerned, there is a tool designed to help you check. The bad news, as TechCrunch explains, is that it's not an entirely simple process.

The Mobile Verification Toolkit, or MVT, works on iPhones and Android devices, but in a little different way. Amnesty International said more forensic traces were found on iPhones than on Android devices, making detection easier on iPhones. 

Some inaccurate spyware reports suggested that Apple devices were somehow more vulnerable. The reality is that Amnesty has focused its efforts on iPhones because the enhanced security they offer makes it easier to detect when a phone has been compromised. It is possible to check Android phones, but with many more false negatives.

According to the 9to5mac website, MVT will allow you to take a full backup of the iPhone and detect any indicators of compromise (IOCs) known to be used by the NSO to allocate Pegasus.

Some of these indicators are, for example, domain names used in the NSO infrastructure, which can be sent via text message or email. if you have a encrypted backup iPhone, you can also use MVT to decrypt the backup without having to make a new copy.

Read more:

The toolkit works from the command line, so it's not a refined and polished user experience, and it requires some basic knowledge of navigating the terminal. 

Site does search test por spy virus with Amnesty International kit

In one test, the 9to5mac site was able to get the tool up and running in about 10 minutes, plus the time to create a new backup of an iPhone.

According to the website, to prepare the toolkit to scan the phone for signs of the spy virus, you will need to feed it Amnesty's IOCs, which are available on the GitHub page. 

Whenever the file's compromise indicators are updated, the user should download and use an updated copy.

After starting the process, the toolkit checks the iPhone backup file for any evidence of compromise. The 9to5mac testing process took about a minute or two to run and dump several files into a folder with the scan results. If the toolkit finds a possible compromise, it will report it in the output files.

You can download the GitHub tool and find the detailed documentation here.

Have you watched our new videos on YouTube? Subscribe to our channel!