In the modern digital age, our mobile devices are more than just communication tools—they are personal vaults containing sensitive information, banking details, private messages, photos, and even work-related data. Unfortunately, this makes smartphones a prime target for sophisticated cyberattacks. One of the most notorious examples is Pegasus, a highly advanced spyware developed by the Israeli company NSO Group.
What Is Pegasus?
Pegasus is not your average piece of malware. It is a zero-click spyware, meaning it can infect a device without the user clicking a malicious link or opening a suspicious attachment. This sets it apart from most other forms of malware, which typically require user interaction. Pegasus is often delivered through vulnerabilities in messaging apps (such as iMessage or WhatsApp) and can exploit weaknesses in both iOS (iPhones) and Android devices.
How Pegasus Affects iPhones
Apple devices are widely regarded as secure, but Pegasus has repeatedly bypassed Apple’s defenses using zero-day exploits. Once installed, Pegasus can:
- Intercept messages and calls (including encrypted ones such as iMessage, WhatsApp, and Signal).
- Access files and photos stored on the device.
- Remotely activate the microphone and camera, effectively turning the phone into a surveillance tool.
- Track GPS location in real time, mapping a user’s movements.
The sophistication of Pegasus lies in its stealth. Unlike typical malware, it leaves little trace, and most victims never realize they are being spied upon.
Can Pegasus Infect Android Devices?
Yes. Pegasus is also capable of targeting Android phones, although the infection process differs slightly. On Android, it generally relies on malicious apps or specially crafted exploits that bypass system security. Once active, it grants attackers access to nearly the same capabilities as on iOS—messages, microphone, camera, files, and location data.
Android devices are often considered more vulnerable due to the fragmented nature of updates across manufacturers. Unless a user is running the very latest security patches, their phone may remain exposed.
What Is Pegasus Capable Of?
The full list of Pegasus capabilities is chilling. Once installed, attackers may:
- Read SMS, emails, and chat messages.
- Exfiltrate passwords and authentication tokens.
- Record phone calls in real time.
- Monitor browsing history and online activity.
- Access cloud accounts if credentials are stored on the device.
In effect, Pegasus can provide a complete snapshot of a person’s digital life. This makes it a powerful tool for government surveillance but also a severe risk to privacy and security if abused.
Can Pegasus Be Removed?
Detecting and removing Pegasus is not simple. The spyware is designed to be persistent and stealthy, often embedding itself deep in the operating system. In many cases, the most reliable ways to eliminate it are to:
- Wipe and reinstall the operating system (factory reset may not always be enough).
- Update to the latest OS version, since Apple and Google regularly patch vulnerabilities used by Pegasus.
- Replace the device entirely, especially if it has been compromised at a deep system level.
Unfortunately, there is no simple “antivirus” solution for Pegasus.
The Mobile Verification Toolkit (MVT)
To help users and researchers detect Pegasus, Amnesty International released the Mobile Verification Toolkit (MVT). This is an open-source tool that can analyze mobile device backups for signs of compromise.
- For iPhones, MVT scans iTunes backups or full file system dumps for known Pegasus indicators of compromise (IoCs), such as suspicious processes, crash logs, or system anomalies.
- For Android devices, MVT examines logs, SMS databases, and other system files to look for traces of infection.
While MVT does not remove Pegasus, it is a valuable resource for digital forensics experts, journalists, and security professionals seeking to confirm whether a device has been targeted.
Protecting Yourself Against Pegasus and Similar Threats
Although most Pegasus infections have been targeted at journalists, activists, and political figures, ordinary users can still take steps to protect themselves from advanced spyware:
- Keep your device updated with the latest security patches.
- Avoid sideloading apps from unofficial sources.
- Enable automatic backups so you can restore clean data if your phone is compromised.
- Regularly review device permissions, especially for camera, microphone, and location.
- Consider using MVT if you believe you may be a target.
About Apple’s “com.apple.pegasus” App
Some iPhone users may come across a system component called com.apple.pegasus, which appears in certain app or system logs. According to Apple’s own developer documentation, this is simply an internal framework that supports Picture in Picture (PiP) functionality on iOS and iPadOS.
It is important to note that this is not related to the NSO Group’s Pegasus spyware. The name overlap is purely coincidental.
- Apple’s com.apple.pegasus: A legitimate system service tied to PiP video playback.
- NSO Group’s Pegasus: A commercial spyware suite used to compromise mobile devices.
As for which came first, Apple introduced com.apple.pegasus internally when Picture in Picture support arrived in iOS 9 (2015). NSO’s Pegasus spyware, while reported publicly in 2016, is believed to have been active in development earlier. Because both existed around the same timeframe, it’s difficult to say definitively which name came first — but there is no connection between Apple’s service and the spyware beyond the name.
This distinction matters, as some users mistakenly assume that seeing “Pegasus” on their iPhone means they are infected. In reality, it’s just Apple’s benign system framewo
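The difference between searching logs for the word “pegasus” and matching against indicators of compromise, as the MVT section describes, can be shown in a short script. This is an added example, not MVT’s code or anything from Apple or Amnesty; the log layout, the sample lines, and the indicator names are constructed placeholders, not real Pegasus indicators.

```python
import re

# Constructed indicator set standing in for a real IoC file; these names are
# placeholders, not real Pegasus indicators.
IOC_PROCESS_NAMES = {"example-implant-proc", "example-stager"}

# Apple's Picture in Picture component named on this page; benign.
BENIGN_COMPONENTS = {"com.apple.pegasus"}

# Assumed log layout (constructed): "<timestamp> <process>[<pid>]: <message>"
LINE_RE = re.compile(r"^(\S+)\s+([\w.\-]+)\[(\d+)\]:\s*(.*)$")

SAMPLE_LOG = """\
2024-01-05T10:00:01Z com.apple.pegasus[311]: PiP session started
2024-01-05T10:00:07Z example-implant-proc[902]: launched
2024-01-05T10:00:09Z SpringBoard[58]: com.apple.pegasus scene activated
2024-01-05T10:00:12Z mediaserverd[44]: audio route changed
not a log line
"""

def naive_keyword_hits(log_text, keyword="pegasus"):
    """The mistaken check: flag every line that contains the word."""
    return [l for l in log_text.splitlines() if keyword in l.lower()]

def triage(log_text, iocs=IOC_PROCESS_NAMES):
    """Classify each parsed line by exact process-name match against indicators."""
    result = {"ioc_match": [], "benign_named_pegasus": [], "unparsed": []}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            # Keep malformed lines for manual review instead of dropping them.
            result["unparsed"].append(line)
            continue
        ts, proc, pid, msg = m.groups()
        if proc in iocs:
            result["ioc_match"].append((ts, proc, int(pid)))
        elif proc in BENIGN_COMPONENTS or any(b in msg for b in BENIGN_COMPONENTS):
            result["benign_named_pegasus"].append((ts, proc, int(pid)))
    return result

if __name__ == "__main__":
    print(len(naive_keyword_hits(SAMPLE_LOG)), "keyword hits (all benign PiP lines)")
    for category, entries in triage(SAMPLE_LOG).items():
        print(category, entries)
```

On the sample data the keyword search flags only the two benign Picture in Picture lines and misses the line that matches an indicator, which is why name-based guessing is unreliable in both directions.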
Final Thoughts
Pegasus represents the extreme end of mobile device compromise: highly sophisticated, expensive, and primarily used against high-value targets. However, its existence demonstrates that no device is truly immune, even those considered most secure.
By staying vigilant, keeping devices updated, and making use of tools like Amnesty’s MVT, both individuals and organizations can take steps to defend against the risks posed by spyware.
