iVerify Report: Pegasus Spyware Rampant Across Smartphones

Pegasus spyware, created by the Israeli firm NSO Group, has been identified on a growing number of smartphones worldwide. It targets individuals ranging from journalists and activists to business leaders and government officials. A report by mobile security company iVerify uncovered seven infections out of 2,500 devices scanned using its Mobile Threat Hunting tool, revealing the widespread reach of the Pegasus malware.

These findings demonstrated the commercial spyware’s ability to infiltrate iOS and Android devices. According to Dark Reading, Pegasus leverages zero-click vulnerabilities to extract sensitive data, such as emails, messages, credentials, and location information, without the victim's knowledge.

Researchers detected these infections through diagnostic data, shutdown logs, and crash reports, which provided evidence of the malware’s presence on devices using iOS versions 14, 15, and 16.6 and Android systems. Matthias Frielingsdorf, the iVerify co-founder, noted the implications: “Our investigation detected 2.5 infected devices per 1,000 scans — a rate significantly higher than any previously published reports.”

This discovery challenges previous assumptions about Pegasus's limited targeting scope. Traditionally believed to be a tool for state-sponsored surveillance against high-profile individuals, the new findings indicate that it is being used more broadly. In the Wired report, iVerify’s Chief Operating Officer Rocky Cole emphasized this evolution, stating, “The age of assuming that iPhones and Android phones are safe out of the box is over.”

The spyware's reach was further highlighted in a TechCrunch report detailing an attack on a major business leader. Cole described the targeted individual as “completely surprised” by the spyware’s presence, underscoring the risk of Pegasus being misused for commercial espionage. This case joins others, including attempts to breach the phones of political campaign officials, suggesting a diversification of targets that extends beyond activists and dissidents.

Legal actions and past investigations have also shed light on Pegasus's operations. A Record report cited court filings from WhatsApp, revealing how NSO Group exploited vulnerabilities in its platform to target 1,400 users in 2019. The spyware’s zero-click feature, which bypasses user interaction to install itself, was a key factor in these breaches. WhatsApp has accused NSO of violating US laws, a claim the company denies.

As Pegasus infections continue to surface, security experts emphasize the importance of frequent software updates and proactive detection tools. These findings highlight the evolving threat of spyware and its implications for privacy and security across all sectors of society.