The Pegasus malware has been in the news since it came to light over the last weekend that it was being used to spy on some of the world’s most famous political figures, including some big Pakistani names such as PM Imran Khan.
Amnesty International, part of the group that helped reveal the news, has released a new tool that lets anyone check whether their devices were affected or accessed by the Israeli spyware.
Termed the Mobile Verification Toolkit (MVT), the tool aims to help identify whether Pegasus infected your device. While the MVT works perfectly on both Android and iOS devices, it still demands some command-line knowledge to operate and to interpret its output.
Here’s a GitHub link for the tool.
The Mobile Verification Toolkit works on both iPhones and Android devices, but the methods for each are different. The Amnesty team says that iPhones were found to have more forensic traces than Android devices, which makes the spyware easier to detect on iPhones.
In principle, the MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and check it for any indicators of compromise known to be associated with the Israeli spyware Pegasus, such as domain names used in its infrastructure that might be sent by text message or email.
If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without making a new copy.
For Android, the MVT scans the backup folder for text messages to detect links to domains used by unauthorized entities in countries like India and Israel.
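The check described in the two passages above (links in text messages compared against known indicator domains) can be sketched as follows. This is an added example, not MVT's own code: the indicator domains, the message records and every function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed indicator list (placeholder domains, not real Pegasus IOCs).
INDICATOR_DOMAINS = {"bad-infra.example", "track.malicious.test"}

# Constructed SMS records standing in for messages extracted from a backup.
SAMPLE_MESSAGES = [
    {"sender": "+10000000001", "text": "Your parcel is waiting: https://cdn.bad-infra.example/p?id=7"},
    {"sender": "+10000000002", "text": "Lunch at 1? See http://restaurant.example/menu"},
    {"sender": "+10000000003", "text": "Verify now HTTP://TRACK.MALICIOUS.TEST./a, thanks"},
    {"sender": "+10000000004", "text": "Read https://notbad-infra.example/ first"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_hosts(text):
    """Return the lower-cased hostname of every http(s) URL found in text."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.rstrip(".").lower())  # normalise trailing dot
    return hosts


def matches_indicator(host, indicators):
    """Match the host or any parent domain, on label boundaries only."""
    labels = host.split(".")
    for i in range(len(labels) - 1):  # never test the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in indicators:
            return candidate
    return None


def scan_messages(messages, indicators):
    """Return one detection record per URL host that hits an indicator."""
    detections = []
    for msg in messages:
        for host in extract_hosts(msg["text"]):
            hit = matches_indicator(host, indicators)
            if hit:
                detections.append({"sender": msg["sender"], "host": host, "indicator": hit})
    return detections


if __name__ == "__main__":
    for detection in scan_messages(SAMPLE_MESSAGES, INDICATOR_DOMAINS):
        print(detection)
```

Matching on whole domain labels flags subdomains of an indicator while leaving a look-alike such as `notbad-infra.example` unflagged, which a plain substring search would get wrong.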
The toolkit is fairly simple to use on PCs if the user has some knowledge of the command prompt and how to use it for installation.