We recently reported on Pegasus, a zero-click iPhone spyware attack via a silent iMessage message, that once in place it can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories. It can even activate cameras or microphones, and listen to calls and voice mails. It can also collect location logs of where a user has been and also determine where that user is now, along with data indicating whether the person is stationary or, if moving, in which direction.
The iPhone malware was used by NSO Group to target more than 50,000 people, going by a list liberated from the company. The hack is effective even against the latest iPhones, with hackers apparently able to bypass Apple’s latest security updates over the course of a number of years, challenging the company’s reputation for security and privacy.
Because iPhones are a closed platform it is nearly impossible for iPhone owners to know they have been compromised.
Mobile device management platform iMazing has now released a spyware detection tool that can be used to detect signs of infection by NSO’s Pegasus and has the potential to evolve to detect other threats.
The methodology implemented closely mirrors that of the open-source Mobile Verification Kit by Amnesty International’s Security Lab by looking for known malicious file names, links, process names and emails.
The ability for the user to customize the analyzer by providing indicators of compromise in STIX format may be useful for early investigations of future threats.
The tool is available for free, but does require you to connect your iPhone via USB to your desktop.
Read more about the iPhone spyware scanner at iMazing here.