It was revealed that the Pegasus spyware from the Israeli NSO Group allegedly helped the governments of countries, including India, to hack the phones of thousands of activists, journalists and politicians. An international consortium of news agencies has revealed some details of targets over the past couple of days. However, the scope of targeted attacks via Pegasus remains to be determined. Meanwhile, researchers at Amnesty International have developed a tool to find out if your phone is being targeted by spyware.
Called the Mobile Verification Toolkit (MVT), this tool is designed to help you determine if your phone has been targeted by Pegasus spyware. It works with both Android and iOS devices, although the researchers noted that it is easier to find signs of compromise on iPhones than on Android devices because more forensic traces are available on Apple hardware.
“In Amnesty International’s experience, there are significantly more forensic traces available to investigators on Apple iOS devices than on standard Android devices, so our methodology is focused on the former,” the NGO said in its research.
Users need to back up their data so that MVT can decrypt the locally saved files on their phone to search for Pegasus indicators. However, in the case of a jailbroken iPhone, a full file system dump can also be used for analysis.
At the current stage, MVT requires some command-line knowledge. However, over time, it may get a graphical user interface (GUI). The tool is also open source and available along with detailed documentation on GitHub.
Once the backup is created, MVT uses known indicators such as domain names and binaries to find traces associated with NSO's Pegasus. The tool can also decrypt iOS backups if they are encrypted. In addition, it extracts installed apps and diagnostic information from Android devices to analyze the data for signs of a potential compromise.
MVT requires at least Python 3.6 to run on the system. If you’re on a Mac, Xcode and Homebrew must also be installed. You also need to install dependencies if you want to look for forensic traces on your Android device.
After you finish installing MVT on your system, you need to feed it Amnesty's indicators of compromise (IOCs), which are available on GitHub.
As reported by TechCrunch, the tool may flag a possible compromise that turns out to be a false positive, in which case the indicator needs to be removed from the available IOCs. However, you can read the Forensic Methodology Report to check the known indicators and look for them in your backup.
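An added example (not MVT's own code and not from the original article) of the indicator matching described above: it loads domain and process-name indicators from a bundle and checks extracted records against them, matching on the URL host rather than by substring, which avoids one source of false positives. The STIX2-style bundle layout, the indicator values, the sample records and the function names are all assumptions constructed for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed indicator bundle in an assumed STIX2-style layout. The domain and
# process name are placeholders for illustration, not real Pegasus indicators.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
    {"type": "indicator", "pattern": "[process:name='fakedaemond']"},
    {"type": "malware", "name": "placeholder-family"},
]})
PATTERN_RE = re.compile(r"\[(domain-name:value|process:name)\s*=\s*'([^']+)'\]")

def load_indicators(bundle_text):
    """Return {'domains': set, 'processes': set} parsed from the bundle."""
    found = {"domains": set(), "processes": set()}
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # skip non-indicator objects such as the malware entry
        m = PATTERN_RE.search(obj.get("pattern", ""))
        if m:
            key = "domains" if m.group(1).startswith("domain") else "processes"
            found[key].add(m.group(2).lower())
    return found

def match_url(url, domains):
    """Match on the URL's host only: the exact domain or a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    for domain in domains:
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def scan(urls, process_names, indicators):
    """Return (kind, record, indicator) tuples for every matching record."""
    hits = []
    for url in urls:
        domain = match_url(url, indicators["domains"])
        if domain:
            hits.append(("domain", url, domain))
    for name in process_names:
        if name.lower() in indicators["processes"]:
            hits.append(("process", name, name.lower()))
    return hits

if __name__ == "__main__":
    # Constructed records standing in for data extracted from a backup.
    urls = ["https://static.bad-cdn.example/a?x=1", "https://notbad-cdn.example/"]
    print(scan(urls, ["mobileassetd", "FakeDaemond"], load_indicators(SAMPLE_BUNDLE)))
```

A naive substring search would also flag `notbad-cdn.example` and any URL that merely carries the indicator domain in its query string; host-based matching does not.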
In collaboration with Amnesty International, Forbidden Stories, a Paris-based journalistic non-profit organization, has shared a list of more than 50,000 phone numbers with the Pegasus Project, a news agency consortium. Of the total number, journalists found more than a thousand people in 50 countries who were allegedly targeted by Pegasus spyware.
The list of targets included journalists working for organizations such as the Associated Press, Reuters, CNN, The Wall Street Journal and India’s The Wire, among others. Several politicians, including Rahul Gandhi of the Indian National Congress and political strategist Prashant Kishor, have also recently been revealed to be among the targets.