
What is Pegasus Spyware on Your iPhone or iPad


IMPORTANT: Starting with iOS 14.8, Apple's operating system is capable of blocking this spyware. Update all of your devices to the latest version immediately to keep them secure.

What is Pegasus spyware?

The NSO Group's most notorious product is the Pegasus spyware. Originally designed to gather critical and private information, Pegasus could be installed on various devices in addition to cell phones. Victims did not have to be tricked into installing or activating Pegasus themselves, which gave it extra power. The spyware was activated by a no-click exploit. Specifically for iPhone users, the spyware would activate just by opening an iMessage.

Once a phone is infected, Pegasus can record passwords, read emails and messages, listen to calls, and even keep track of places the phone has been. When a human rights activist's iPhone failed to install the Pegasus

Amnesty International spoke out because thousands of Pegasus victims are merely activists and journalists, despite the assertions that the program was solely intended to be used to gather information about potential terror threats. The group argues that even if the NSO Group might not be specifically going after victims, it still has to own up to the misuse of its technology, especially when that technology can be detected on the phones of prominent global government figures.

How does the Pegasus spyware work?

The Pegasus spyware poses a risk due to its zero-click nature. This implies that the malicious software can be downloaded and installed without requiring the attacker to deceive you. Pegasus is usually able to handle all of that on its own.

The victim only needs to be called or messaged by the attacker. Whether or not the recipient reads the message or answers the phone, Pegasus can install itself. To avoid raising red flags, this spyware frequently removes the notice it came with.

Once inside the device, Pegasus can access all phone data, including location, texts, calls, emails, media files, and programs. This spyware turns off the phone's security features as it takes over the device.

How can I check if my phone has Pegasus spyware?

Zeus is a malware detection tool that is available as a free app on the official Softorino website. It can be used to identify any known signs of infection by NSO's Pegasus and may be developed further to be able to detect other infections.  

[Disclaimer: Zeus App does not prevent any possible malware infection. It only detects known signs of current or past infectious activity by looking for malicious file names, links, etc. Scan results do not guarantee your device is 100% clean from malware. Some results can be challenging to interpret and might contain false assumptions.

Please read the documentation carefully before proceeding. It is important to understand the scope and limitations of Zeus App's analyzer in order not to develop a false sense of safety and security – see the Scope below. This software cannot replace or be considered expert support and assistance.]

Before we start

Please read this part about Softorino's commitment and privacy protection carefully before you start working with Zeus.

1.1 Our commitment: full transparency

You can download the app from the website immediately without needing to purchase any other software license or pay for anything. It is available without any restrictions and works as an independent app that is free to download*. 

*Any kind of donation is voluntary and welcome if you are satisfied with the app.

1.2 Privacy and internet connectivity

The spyware analyzer tool will search for any detectable signs of infection in a backup of your iPhone/iPad. Both the backup and the analysis take place on your computer only, meaning none of your personal data or files go to any third parties.

Enabling backup encryption that will protect all your personal data in the future is recommended.

Zeus app requires an internet connection only to update the software.

1.3 Scope and limitations

The Zeus app analyzes the latest backup of your iPhone or iPad to spot any traces of spyware. Such detection mostly depends on searching for references to known malicious links, email addresses, file names, etc. 

Successful detection of less-known or less-widespread infection patterns depends on the logic contained in Zeus App's code. Therefore, make sure the Zeus app has the latest updates before running a spyware test.
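To make the indicator-based approach described above concrete, here is an added example (not Zeus App's or Amnesty International's code) that matches strings already extracted from a backup against a list of known links, email addresses and file names. The indicator values, source labels and the mapping to the three result statuses are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Constructed placeholder indicators for illustration; NOT real Pegasus IoCs.
INDICATORS = {
    "domain": {"bad-cdn.example.invalid"},
    "email": {"operator@mail.example.invalid"},
    "filename": {"fakesvcd"},
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PATH_RE = re.compile(r"(?:/[\w.\-]+)+")

def domain_matches(host, indicator):
    """True for the indicator host or its subdomains, never a bare substring."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)

def scan_text(text):
    """Return the set of (kind, indicator) hits in one extracted string."""
    hits = set()
    for url in URL_RE.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:  # malformed URL, e.g. a broken IPv6 literal
            continue
        hits |= {("domain", d) for d in INDICATORS["domain"] if domain_matches(host, d)}
    for addr in EMAIL_RE.findall(text):
        if addr.lower() in INDICATORS["email"]:
            hits.add(("email", addr.lower()))
    # Look for file names outside URLs so a URL path segment is not misread.
    for path in PATH_RE.findall(URL_RE.sub(" ", text)):
        if PurePosixPath(path).name in INDICATORS["filename"]:
            hits.add(("filename", PurePosixPath(path).name))
    return hits

def scan_backup(records):
    """records: iterable of (source, text). Returns (status, findings)."""
    findings = [(src, kind, ioc) for src, text in records
                for kind, ioc in sorted(scan_text(text))]
    kinds = {kind for _, kind, _ in findings}
    # Assumed mapping for this example: a link or address alone is only a possible trace.
    status = "clean" if not findings else "spyware" if "filename" in kinds else "warning"
    return status, findings

# Constructed sample strings, as if already extracted from a decrypted backup.
SAMPLE = [("messages", "look at https://news.bad-cdn.example.invalid/a?id=1"),
          ("browser_history", "https://notbad-cdn.example.invalid/home")]
```

Matching on the parsed host name rather than a raw substring is what keeps the look-alike domain in the second sample record from being reported, which is one source of the false positives discussed later in this article.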

Scan your iPhone with a step-by-step guide

Step 1: Install and launch Zeus App

Make sure to download and read more about Zeus App in advance on the official Softorino website:

=> Download Zeus App

After the download is complete, launch Zeus and accept the terms of a User Agreement.

Follow the instructions on the right side of the app's window.


Step 2: Connect your device to the app

After launching the Zeus app, connect your iPhone or iPad to your computer with a USB cable. Zeus will then recognize the device.

💡 Security tip: if it is your first time connecting your mobile device to your computer, Zeus will display a pairing screen. Pairing is an Apple feature that establishes a secure link between your iOS device and your computer. Pairing requires you to enter a passcode on your device.


Step 3: Run a backup for your device

You should create a new backup to your local disk to proceed with the spyware test. You can change your backup location and the device if you have done a spyware check with another iPhone or iPad.

Click "Start Backup & Scan" to run the backup. Depending on your device's capacity, it may take 15-60 minutes.


Analysis Report

The analysis is based on the latest backup. It examines the file system of your iPhone or iPad for any patterns or traces of spyware attacks.

Step 4: Review backup options

As mentioned above, these features allow you to change the backup location and desired device if you have worked with any beforehand. 


Step 5: Unlock your backup and start the scan

After the files have been copied to a local disk, Zeus will ask you to enter your iPhone's or iPad's password to unlock your device's backup. The malware scan will start automatically right away. It will take up to several minutes to finish the backup analysis.

Interpreting results

Once the analysis of your device's backup is complete, Zeus will show you the result window with three possible scenarios:

  • Clean or Green status: no malware detected whatsoever
  • Warning or Yellow status: possible traces of spyware detected by the system
  • Spyware or Red status: signs of NSO Pegasus have been found on your device

Clean scan

This is what the dialog looks like after a clean scan:

[Screenshot: Zeus App result dialog after a clean scan]

A clean report only means that no traces of spyware known to the Zeus app were detected, and there is still no 100% guarantee that the device is not infected. 

Positive detection and possible traces

This is what the dialog looks like after Zeus has detected possible traces of Pegasus:

[Screenshot: Zeus App result dialog after possible traces of Pegasus are detected]

If the app detected the actual spyware signs, its screen will look like this:

[Screenshot: Zeus App result dialog after actual spyware signs are detected]

After it has detected possible or actual traces of spyware activity, Zeus will give you several recommendations on what to do next. It is recommended that you back up your device to iCloud, update it, and restore all the data from this last backup.

This will help you save your files and data without the risk of losing them.

You can also change the location for your last backup. This feature is available by clicking on the dedicated field above the "Check Another iPhone" button.

What if Zeus App says my device is infected?

Since a long time has passed since the first iteration of this spyware, all modern Apple devices should be protected from it by default. Yet if you are still using an iPhone or iPad with an iOS version below 14.8, there is a tiny chance it can get infected.

Even if the Zeus App tells you that you have spyware, it may still be a false positive because some tracking components may be used by third-party apps. It wouldn't hurt to review them nonetheless. We recommend sending your results to the Softorino support team to verify whether it's real malware.

If the app helped you protect your device, you can donate to app developers. You can do so by clicking "Donate to support developers" on the bottom right side of the app's window.

If you need assistance with any questions, you can always reach out to support@softorino.com 

This app does not track any personal data or user behavior stats, nor does it collect them. Zeus App does not share any of the data with Softorino Inc. or other third parties. It only uses the network connection for the purpose of software updates.


This app is a community project built upon the research of Amnesty International's MVT project, and it uses their list of known signs of a Pegasus spyware attack.
