No one is safe from Pegasus: spyware detected on ordinary people’s phones (cybernews.com)
from solo@slrpnk.net to technology@lemmy.world on 05 Dec 14:36
https://slrpnk.net/post/15858999

Self-scans reveal that Pegasus, an invasive and powerful spyware that can secretly control phones and track owners, might be more widespread than previously thought. It was discovered on the phones of everyday phone users.

From wikiHow: How to Check Your Smartphone for Pegasus Spyware


AnotherWorld@lemmy.world on 05 Dec 15:24

And Google Pixel flashed on Ubuntu Touch? 😏

sugar_in_your_tea@sh.itjust.works on 05 Dec 19:03

I’m hoping my Pixel flashed w/ GrapheneOS is good to go.

prettybunnys@sh.itjust.works on 06 Dec 12:08

Yeah, probably.

mxcory@lemmy.blahaj.zone on 06 Dec 16:12

I forgot about Ubuntu Touch. How is the experience?

AnotherWorld@lemmy.world on 06 Dec 16:31

Terrible experience. Nothing works, everything is slow, and the main thing inside the blobs is still Android, without which of course it will not work.

RandomStickman@fedia.io on 05 Dec 15:33

Damn, I oughtta give my phone a check

embed_me@programming.dev on 05 Dec 16:18

Let’s say there are signs of it being infected. What can you do next?

9tr6gyp3@lemmy.world on 05 Dec 16:34

Buy/replace your phone

GhiLA@sh.itjust.works on 06 Dec 16:28

How do you keep that one from reinfecting?

9tr6gyp3@lemmy.world on 06 Dec 16:45

You can try factory reset, but more than likely they control the boot process, so you can’t get rid of the malware no matter what you do.

You might be able to trade it in with your manufacturer. They might be interested in having an infected phone to study.

LambdaRX@sh.itjust.works on 05 Dec 18:30

Reinstall ROM

IHawkMike@lemmy.world on 05 Dec 20:05

I don’t know the full answer, but Pegasus isn’t one single piece of spyware, but rather a toolkit of many, many zero-day exploits.

A lot of them (the majority maybe?) are non-persistent meaning that they don’t survive a reboot.

That said, aside from keeping your phone up to date with security patches and rebooting frequently, I’m not sure there’s much the average person can do if you’re actively being targeted.

sugar_in_your_tea@sh.itjust.works on 06 Dec 16:38

I installed GrapheneOS the moment I got my phone, which should give me a few protections over standard Android.

Longer term, I intend to get a Linux phone, I’m just waiting for the hardware and software to improve. I already almost entirely avoid the Play store, so making the final switch shouldn’t be that big of a jump.

JohnWorks@sh.itjust.works on 05 Dec 16:08

I don’t think I saw it mentioned, but if you’re already running/subbed to Bitdefender AV then you can install that on your phone to detect it.

www.bitdefender.com/consumer/support/…/1775/

IHawkMike@lemmy.world on 05 Dec 20:10

I’d be careful about completely trusting any AV to give you any certainty that you aren’t infected.

As I mentioned in another comment, Pegasus is comprised of many different exploits. So just because Bitdefender can detect some older Pegasus variants, doesn’t mean it can detect all of them.

In fact it’s quite unlikely they can detect the latest variants.

sepi@piefed.social on 05 Dec 16:22

There could be spyware on your phone! Install this shady app to find out if you have the spyware or not!

I wonder if the shady app in the link is the spyware. This would be a brilliant way of getting on to people's phones.

vhstape@lemmy.sdf.org on 05 Dec 16:32

My thoughts exactly… If there’s a FOSS tool to check, then we’d be talking.

TherapyGary@lemmy.blahaj.zone on 05 Dec 22:15

Lol I almost linked you to your own comment

LostXOR@fedia.io on 05 Dec 16:38

What do you mean??? WikiHow is a collection of only the most reliable tutorials and information. Now be good and install the shady app.

solo@slrpnk.net on 05 Dec 16:39

Yeah, I see what you mean and on top of that you would need to pay for it.

That’s why I added in the description a link with instructions on the free tool designed by Amnesty International’s Security Lab.

sugar_in_your_tea@sh.itjust.works on 05 Dec 19:02

Yeah, I’ll just assume that my GrapheneOS install is safe, the checker probably wouldn’t work anyway…

eleitl@lemm.ee on 06 Dec 13:20

I haven’t checked, does GrapheneOS do reproducible/deterministic builds so that you could verify that the published release matches your image? The boot attestation should not be able to be circumvented, if you trust Google hardware to do what it says on the tin.

sugar_in_your_tea@sh.itjust.works on 06 Dec 13:36

Here are the built-in tools for verifying authenticity, a project to reproduce builds, and a thread where the devs confirm reproducibility and other community members link the above.

TL;DR - Yes.

eleitl@lemm.ee on 06 Dec 13:45

Thanks, interesting. I have used boot attestation but not yet Auditor. Hope to have some quality time reading up on the documentation in the coming three weeks.

sugar_in_your_tea@sh.itjust.works on 06 Dec 14:16

I’m considering running my own build farm for updates, so maybe I’ll write up a post about it if I get to it.

Celestus@lemm.ee on 05 Dec 19:15

Doesn’t seem like they’d offer the ability to scan an existing backup without touching your device, if that were the case

rottingleaf@lemmy.world on 06 Dec 13:05

It worked with antivirus scanning - more than half of Windows PCs have spyware on them their users consciously installed so that it would scan and report what they run.

Squizzy@lemmy.world on 07 Dec 15:36

All Windows PCs have spyware on them by definition

AWittyUsername@lemmy.world on 06 Dec 17:27

Nothing like a shady backdoor onto people’s devices than a literal Trojan horse such as a virus scanner.

CosmoNova@lemmy.world on 07 Dec 09:39

That’s outdated stuff. Pegasus doesn’t need phishing methods to get on your phone. It just installs itself when an actor sends it your way. You won’t notice it and the only way to prevent it is to not use a phone.

rottingleaf@lemmy.world on 13 Dec 12:50

It technically uses various zero-day zero-click exploits to get there. Which is why it functions like a service - they need to maintain relevance of those exploits. Imagine, a whole service of clearly illegal activity, which doesn’t get absolutely destroyed simply because it’s useful to spy on dissidents.

[deleted] on 05 Dec 16:31

.

vhstape@lemmy.sdf.org on 05 Dec 17:05

Amnesty International provides a FOSS tool to check your mobile backups for traces of the Pegasus Spyware. I’d trust that over a sketchy proprietary app. Link: docs.mvt.re.

gcheliotis@lemmy.world on 05 Dec 20:21

Cool. I had no idea. Still…

MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. MVT is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.

A_A@lemmy.world on 05 Dec 23:23

Everyone is safe from Pegasus …
Except cell phone owners (which is most everyone)
Exception to the exception: people who know about this excellent FOSS tool (and know someone who can use it) - thanks

prettybunnys@sh.itjust.works on 06 Dec 12:07

It can help you if you think you are BUT especially with iPhones it can only scan your backup, unless you jailbreak the phone and can do a full disk dump.

As a mobile security expert this is just one of the tools in the kit, but it ought not be used by an “end user” as a verification tool. This does NOT verify you aren’t being tracked, it can only verify that signatures of the malware exist.

gcheliotis@lemmy.world on 06 Dec 14:40

And would signatures of Pegasus exist in the backup?

prettybunnys@sh.itjust.works on 06 Dec 15:09

Yes. Maybe. Sometimes. Much more likely if you do an encrypted backup and decrypt it with the tool.

Regardless it’s not guaranteed to pick them up.

gcheliotis@lemmy.world on 06 Dec 15:15

May give it a try one of these days. But knowing nothing of the reliability of the tool in detecting the malware decreases my motivation to even try I must say.

prettybunnys@sh.itjust.works on 06 Dec 15:47

The warning was meant for you.

BrianTheeBiscuiteer@lemmy.world on 06 Dec 02:59

Ugh. So it looks like I can’t even do this with Termux. Gotta dig out one of my few cables that does data transfer.

[deleted] on 05 Dec 17:21

.

Earflap@reddthat.com on 05 Dec 17:23

Download a random app and execute it blindly to check for some malware I’ve never heard of? Hard pass.

x00z@lemmy.world on 06 Dec 15:22

I fully understand, but not knowing about Pegasus malware is pretty weird. It’s state actor spyware made by Israel (with worldwide governmental funding).

sugar_in_your_tea@sh.itjust.works on 06 Dec 16:36

If you’ve been around tech circles for any length of time, sure, but your average person probably hasn’t heard of it.

x00z@lemmy.world on 06 Dec 19:11

I’ve double-checked this, and you are indeed correct. The news is still reported on, but Pegasus is not always mentioned by name and if it is it’s mostly a single mention in a little passage.

RangerJosie@lemmy.world on 06 Dec 03:09

I don’t care. I’m a wage slave. Not a senator or exec at some financial firm.

AWittyUsername@lemmy.world on 06 Dec 17:38

Cool I bet you sleep with your curtains/blinds open, don’t lock your doors and post your address online right? Who cares about privacy.

prettybunnys@sh.itjust.works on 06 Dec 12:05

You can use pip to install the tool.

It’s called mvt.

Your package manager might have it.

If you’re on a Mac just use brew to install it.

Don’t use this third party app.