How to Detect Pegasus on Your Phone and Protect Against Spying

photo: Mikhail Nilov/Pexels

Special services using Pegasus can infect phones through various mechanisms. Sometimes, SMS or iMessage messages contain a link to a website, which, when clicked, installs the malicious software on the device. Others use a "zero-click" attack, exploiting iMessage vulnerabilities in iPhones that allow infection simply by receiving a message without user interaction.

How to Check if Your Phone Has Pegasus Spyware?

- The easiest solution is to use Amnesty International’s mobile verification toolkit. This tool works on Linux or MacOS and can analyze files and configurations on a mobile device by examining a backup downloaded from the phone. However, the analysis cannot confirm if the smartphone has been hacked but only detects indicators of compromise that may indicate an infection, explains Mariusz Politowicz from Marken, a distributor of Bitdefender in Poland.


Amnesty International’s tool can detect the presence of specific software on the device and a range of domains used in the global infrastructure supporting spyware networks.

Protection Against Spyware

Unfortunately, there is currently no solution to protect against zero-click attacks, but there are relatively simple steps to minimize the risk of infection from Pegasus and other malware. The most important is to open links only from known and trusted sources.

- Pegasus is deployed on Apple devices through iMessage links. This is the same technique used by many cybercriminals for malware distribution and simpler scams. The same advice applies to links sent via email or other messaging apps - explains Mariusz Politowicz.

Devices should also be kept up to date with appropriate patches and updates. Android users should not rely on notifications about new operating system versions and should manually download the latest version, as device manufacturers may not provide updates.

Though it may seem obvious, physical access to the phone should be limited. This can be done by enabling PIN unlocking, fingerprint, or face recognition on the device. Avoid public and free Wi-Fi services (including hotels), especially when accessing sensitive information. While using such networks, the best solution is to use a VPN. Encrypting data and enabling remote wiping is also good practice. If the device is lost or stolen, data remains safe.

What is Pegasus?

Pegasus, developed by Israel’s NSO Group, is software used to spy on smartphone users. Once installed, it extracts contacts, photos, messages, allows phone call interception, captures keystrokes, and enables camera access.

In an investigative report by The Washington Post, 1,000 people in 50 countries were identified among 50,000 analyzed phone numbers as targets of Pegasus spyware. Those monitored included journalists, politicians, government officials, executives of large corporations, and human rights activists.

Why Do We Still Click on Suspicious Links?

Up to 76% of respondents who value cybersecurity could not recognize phishing attempts, according to a study by Tessian. This type of cyberattack - encouraging users to click a malicious link - remains effective. Why, despite increased public awareness about security, do people continue to click on suspicious links?

One reason is the emotional response triggered by the message (via SMS, email, or even an incoming call). Criminals craft messages to evoke fear or uncertainty in the recipient.


Another reason is our trust in familiar entities. Banks, streaming platforms, postal operators, or energy companies create a sense of security. We trust that the technology infrastructure in large companies is properly secured and that messages from such companies are reliable.

How to Defend Against Phishing?

Remember a few basic rules:

• Before downloading an attachment, read the message carefully. Fake messages often contain spelling and punctuation errors,
• verify the sender`s details. The email addresses used by scammers may differ from authentic ones by easy-to-miss details, like a typo in the domain name,
• use antivirus software. Anti-phishing filters increase the chances of detecting a threat - whether a fake or suspicious website,
• verify the domain before using its services. If you find yourself on a website (especially for a bank or a site offering payments), check if the SSL certificate truly belongs to it by clicking the padlock symbol in the address bar and verifying the certificate owner`s name.

It’s worth remembering that, just as on the road, in the digital world we should apply the principle of limited trust. Habitual link-clicking is a very risky behavior.