In recent years, commercial spyware has been deployed by more actors against a wider range of victims, but the prevailing narrative has still been that the malware is used in targeted attacks against an extremely small number of people. At the same time, though, it has been difficult to check devices for infection, leading individuals to navigate an ad hoc array of academic institutions and NGOs that have been on the front lines of developing forensic techniques to detect mobile spyware. On Tuesday, the mobile device security firm iVerify is publishing findings from a spyware detection feature it launched in May. Of 2,500 device scans that the company’s customers elected to submit for inspection, seven revealed infections by the notorious NSO Group malware known as Pegasus.
“The really fascinating thing is that the people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, people in government positions,” says Rocky Cole, chief operating officer of iVerify and a former US National Security Agency analyst.
“The age of assuming that iPhones and Android phones are safe out of the box is over,” Cole says.
iVerify’s app was released earlier this year for Android, too.
See https://arstechnica.com/security/2024/12/1-phone-scanner-finds-seven-pegasus-spyware-infections