In the last few years, commercial spyware like the Israeli group NSO's Pegasus has been used against high-profile victims including businessmen, journalists and politicians, with the majority of common people being safe from such targeted attacks. However, a new report by the security research firm iVerify suggests that spyware like Pegasus is not rare and may also infect devices owned by common people.

Earlier in May this year, iVerify launched a new feature dubbed "Mobile Threat Hunting" for its existing customers. This feature helped detect the notorious spyware Pegasus. The company says that in its initial investigation, which featured 2,500 devices from its user base, it "uncovered seven Pegasus infections - a number that might seem small, but represents a massive red flag in the world of mobile security."

To give you a quick recap, Pegasus allows threat actors to gain access to critical information like messages, emails, photos and call logs. Since the spyware infects Android and iOS without any user input and uses advanced methods to hide itself, it is fairly hard to detect an infection using traditional methods.

It should also be noted that the infections on the scanned devices were not recent. iVerify claims that when it analysed these infected devices, it "revealed a complex timeline of compromise", with some exploits dating from 2021 to late 2023. The security firm also found that Pegasus infected 2.5 devices per 1,000 scans. While the sample does not represent iVerify's entire user base, the rate is still higher than what previous reports suggested.

iVerify says its Mobile Threat Hunting feature uses a combination of techniques such as signature-based detection, machine learning and heuristics to search for any signs of infection. The company said its paying customers can perform regular scans for potential infections, but it also has a free version for users who download the iVerify Basics app for $1. However, it is limited to one scan per month for free users.