In the past few years, we’ve seen how Pegasus, a spyware developed by the Israeli cyber arms company NSO Group, has affected iPhone users all over the world. But now, Kaspersky says it has created a tool that can give users the ability to check if their device has spyware installed.
The company says it has developed a “lightweight” way to detect “sophisticated iOS spyware” such as Pegasus and the Pegasus-like threats Reign and Predator, and it is available as a self-check tool for users.
How It Works
It does so by analyzing Shutdown.log, which the company calls “a previously unexplored forensic artifact.” Kaspersky found that a Pegasus infection can leave traces in Shutdown.log, a file stored in the iOS sysdiagnose archive. “This archive retains information from each reboot session, meaning anomalies associated with the Pegasus malware become apparent in the log if an infected user reboots their device,” Kaspersky notes.
The traces include instances of “sticky” processes impeding reboots, among others. Moreover, analysis of Shutdown.log from devices infected by Pegasus shows a common infection path, ‘/private/var/db/’. The same path is seen in infections caused by other iOS malware such as Predator and Reign.
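The check described above can be sketched in a few lines of Python. This is an added example, not Kaspersky's tool: the line layout ("After …s, these clients are still here", "remaining client pid: N (path)", "SIGTERM: [epoch]" closing each reboot session), the delay threshold and the sample log are assumptions, since the article does not reproduce the log format.

```python
import posixpath
import re

SUSPICIOUS_PREFIX = "/private/var/db/"  # path named in the article
DELAY_LIMIT = 3  # assumed threshold for "sticky" processes delaying a reboot

# Assumed line layout; the article does not reproduce the log format.
DELAY_RE = re.compile(r"After [\d.]+s, these clients are still here")
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
REBOOT_RE = re.compile(r"SIGTERM: \[(\d+)\]")  # assumed end-of-session marker

def new_session():
    return {"reboot_epoch": None, "delays": 0, "suspicious": set()}

def finish(s):
    s["delayed"] = s["delays"] > DELAY_LIMIT
    s["flagged"] = bool(s["suspicious"])
    return s

def analyze(text):
    """Split the log into reboot sessions and record both traces per session."""
    sessions, cur = [], new_session()
    for line in text.splitlines():
        if DELAY_RE.search(line):
            cur["delays"] += 1
        elif m := CLIENT_RE.search(line):
            path = posixpath.normpath(m.group(2))  # collapse ../ segments
            if path.startswith(SUSPICIOUS_PREFIX):
                cur["suspicious"].add(path)
        elif m := REBOOT_RE.search(line):
            cur["reboot_epoch"] = int(m.group(1))
            sessions.append(finish(cur))
            cur = new_session()
    if cur["delays"] or cur["suspicious"]:  # log cut off mid-session
        sessions.append(finish(cur))
    return sessions

# Constructed sample, not taken from a real device.
SAMPLE = (
    "After 1.02s, these clients are still here:\n"
    "\t\tremaining client pid: 88 (/usr/libexec/exampled)\n"
    "SIGTERM: [1700000000]\n"
    + "".join(
        f"After {i}.01s, these clients are still here:\n"
        "\t\tremaining client pid: 412 (/private/var/db/example-staging/agent)\n"
        for i in range(1, 5)
    )
    + "SIGTERM: [1700086400]\n"
)

if __name__ == "__main__":
    for s in analyze(SAMPLE):
        print(s["reboot_epoch"], s["delays"], s["flagged"], sorted(s["suspicious"]))
```

A flagged session is a triage signal that warrants a closer look at the full sysdiagnose archive.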
How To Check For Infection and Protect Yourself?
Kaspersky has created a self-check tool for users, and it’s available on GitHub for everyone to see. To make it accessible to as many people as possible, the company has made it available for macOS, Windows, and Linux.
Kaspersky also lists ways to safeguard yourself against this malware:
– Reboot your device daily.
– Go into Lockdown Mode.
– Disable iMessage and FaceTime.
– Download the latest software updates.
– Don’t click on foreign, random links you receive.
– Check backups and Sysdiags frequently.