Pegasus, the spyware made by Israel's NSO Group, has reportedly helped governments in countries including India hack the phones of thousands of activists, journalists and politicians. An international media consortium has revealed some details about the targets over the past two days. However, the full scope of the attacks carried out via Pegasus has yet to be determined. Meanwhile, Amnesty International researchers have developed a tool that lets you check whether your phone has been targeted by the spyware.
Called the Mobile Verification Toolkit (MVT), the tool aims to help you identify whether Pegasus spyware has targeted your phone. It works with both Android and iOS devices, although the researchers noted that it is easier to find signs of compromise on iPhone handsets than on Android devices because more forensic traces are available on Apple hardware.
“In Amnesty International’s experience, there are many more forensic traces available to investigators on Apple iOS devices than on original Android devices, which is why our methodology focuses on the former,” the non-governmental organization said in its research.
Users need to generate a backup of their data so that MVT can decrypt the files stored locally on their phone and look for Pegasus indicators. In the case of a jailbroken iPhone, a full file system dump can also be used for analysis.
In its current phase, MVT requires some knowledge of the command line. It may, however, gain a graphical user interface (GUI) over time. The code for the tool is open source and is available, along with detailed documentation, on GitHub.
After the backup is created, MVT uses known indicators such as domain names and binaries to look for traces related to NSO's Pegasus. The tool is also capable of decrypting iOS backups if they are encrypted. In addition, it extracts installed apps and diagnostic information from Android devices and analyzes that data to detect any potential compromise.
MVT requires at least Python 3.6 to run on a system. If you are on a Mac machine, Xcode and Homebrew should also be installed. You also need to install dependencies if you want to search for forensic traces on an Android device.
Once you have finished installing MVT on your system, you need to feed it Amnesty’s Indicators of Compromise (IOCs), which are available on GitHub.
As reported by TechCrunch, the tool may flag a possible compromise that turns out to be a false positive, in which case the indicator should be removed from the available IOCs. You can, however, read the organization’s Forensic Methodology report to check the known indicators and look for them in your backup.
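The domain-indicator matching and false-positive handling described above, sketched as an added example (this is not MVT's own code). The indicator domains, the record layout and the `allowlist` parameter are constructed for illustration; real indicators come from Amnesty's published IOC files.

```python
from urllib.parse import urlsplit

# Constructed indicator list (placeholders, not real Pegasus IOCs).
INDICATOR_DOMAINS = {"bad-infra.example", "cdn.tracker.invalid"}

# Constructed records of the kind a backup yields: (source, timestamp, url).
RECORDS = [
    ("safari_history", "2021-07-01T10:02:11", "https://news.example.org/story"),
    ("sms", "2021-07-02T08:15:40", "https://x9.bad-infra.example/a?id=1"),
    ("safari_history", "2021-07-02T08:15:43", "http://BAD-INFRA.example./landing"),
    ("sms", "2021-07-03T12:00:00", "https://notbad-infra.example/"),
    ("safari_history", "2021-07-04T09:30:00", "not a url"),
]

def host_of(url):
    """Return the lowercased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def matching_indicator(host, indicators):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None

def scan(records, indicators, allowlist=frozenset()):
    """Return detections; allowlist holds indicators confirmed as false positives."""
    active = {d.lower() for d in indicators} - {d.lower() for d in allowlist}
    hits = []
    for source, ts, url in records:
        host = host_of(url)
        ioc = matching_indicator(host, active) if host else None
        if ioc:
            hits.append({"source": source, "time": ts, "host": host, "indicator": ioc})
    return hits

if __name__ == "__main__":
    for hit in scan(RECORDS, INDICATOR_DOMAINS):
        print(hit)
```

Matching on label boundaries keeps a lookalike such as `notbad-infra.example` from being reported, while subdomains and case or trailing-dot variants of a listed domain are still caught.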
Together with Amnesty International, Forbidden Stories, a Paris-based non-profit organization, shared a list of over 50,000 phone numbers with the Pegasus Project media consortium. Of the total number, reporters were able to find more than a thousand individuals in 50 countries allegedly targeted by the Pegasus spyware.
The target list included journalists working for organizations such as the Associated Press, Reuters, CNN, the Wall Street Journal and The Wire in India, among others. Some politicians, including Rahul Gandhi of the Indian National Congress and political strategist Prashant Kishor, have also recently been reported to be among the targets.