Amnesty develops toolkit to detect Pegasus Spyware infection

The toolkit has been developed by Amnesty to detect the threats of Pegasus Spyware.


The Mobile Verification Toolkit (MVT), developed by researchers at Amnesty International, can be used to detect whether Pegasus spyware has targeted your phone, as reported by TechCrunch. According to a joint investigation by Forbidden Stories, "a French non-profit organisation, and Amnesty International, phones of more than 1,000 people were infected by the Pegasus spyware, spread across 50 countries."

The toolkit enables users to check for malicious apps that may have attacked their devices. It can also be used to find out whether the Pegasus spyware, developed by Israel’s NSO Group to snoop on journalists, ministers, and businessmen, has extracted data from your phone.

How to use MVT? 

The Mobile Verification Toolkit can be used on both iOS and Android devices. It uses a command-line interface, so it may not seem very user-friendly at first, but detailed documentation has been published with usage instructions. The toolkit requires the installation of Python dependencies; these are available on the MVT website along with instructions.

MVT takes the entire iPhone backup and searches it for any indicators of compromise (IOCs) that are known to be used by NSO to deliver Pegasus. If your iPhone backup is encrypted, MVT can decrypt it without making a separate copy. Before MVT can start scanning your phone, you have to feed in Amnesty’s IOCs, which are available on its GitHub page. Each time the indicators of compromise file is updated, download an up-to-date copy.
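The matching step described above, sketched as an added example that is not MVT's own code. It assumes the indicators arrive as a STIX2 bundle with simple single-value patterns and that records have already been parsed out of the backup; every indicator value and record below is a constructed placeholder.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2-style bundle; the values are placeholders, not real indicators.
SAMPLE_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value='bad-infra.example']"},
    {"type": "indicator", "pattern": "[process:name='fakedaemon']"},
]})

# Constructed records standing in for data already extracted from a backup.
SAMPLE_RECORDS = [
    {"source": "safari_history", "url": "https://news.example.org/story"},
    {"source": "safari_history", "url": "https://cdn.bad-infra.example:30495/x?id=1"},
    {"source": "safari_history", "url": "https://notbad-infra.example/"},
    {"source": "process_log", "process": "fakedaemon"},
    {"source": "process_log", "process": "mobileassetd"},
]

PATTERN = re.compile(r"^\[(domain-name:value|process:name)\s*=\s*'([^']+)'\]$")

def load_iocs(bundle_text):
    """Return {'domains': set, 'processes': set} from a STIX2 bundle string."""
    iocs = {"domains": set(), "processes": set()}
    for obj in json.loads(bundle_text).get("objects", []):
        m = PATTERN.match(obj.get("pattern", "")) if obj.get("type") == "indicator" else None
        if m:
            key = "domains" if m.group(1).startswith("domain") else "processes"
            iocs[key].add(m.group(2).lower())
    return iocs

def domain_hit(url, domains):
    """Match the URL host or any parent domain, so subdomains of an IOC count."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def scan(records, iocs):
    """Return the records that match any loaded indicator."""
    hits = []
    for rec in records:
        if "url" in rec and domain_hit(rec["url"], iocs["domains"]):
            hits.append(rec)
        elif rec.get("process", "").lower() in iocs["processes"]:
            hits.append(rec)
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_RECORDS, load_iocs(SAMPLE_BUNDLE)))
```

Matching on whole domain labels rather than substrings keeps a look-alike host such as `notbad-infra.example` from producing a false positive, and a stale indicator file simply yields no hits, which is why the file has to be refreshed before each scan.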

What is Pegasus Spyware?

According to the software’s description on the NSO Group’s website, the Pegasus spyware is capable of complete data extraction from the victim’s phone. This spyware can be used for remote and stealth monitoring, without the victim even realizing that they are being watched. The NSO Group’s website notes that the spyware can extract data remotely via untraceable commands.