In December, Amnesty International alleged that the Pegasus spyware is still active and is being used to target Indian journalists. According to the non-profit, the malware was found installed on the phones of well-known journalists.
Amnesty International released its report months before Apple sent a security alert to some iPhone users, including opposition leaders in India, warning of a state-sponsored attempt to compromise their devices. Apple acknowledged at the time that some threat notifications might be false alarms and that some attacks might go undetected.
Now, Kaspersky researchers have developed a lightweight technique for identifying telltale signs of infection by advanced iOS malware such as Pegasus, Reign, and Predator. The method relies on analysis of shutdown.log, a forensic artefact that had not previously been studied.
Do Indian journalists fall prey to Pegasus spyware?
According to the cybersecurity firm's research, Pegasus infections leave traces in shutdown.log, a system log kept inside the sysdiagnose archives of iOS devices.
The researchers also found that other malware families, such as Reign and Predator, follow comparable infection paths on mobile devices, so infections by these families may likewise be detectable through analysis of the same iOS system logs.
The researchers additionally released a self-check tool for users that automates extraction, parsing, and analysis of the shutdown log.
According to a press statement from Kaspersky, users of Linux, Windows, and macOS can access the program, which is openly available on GitHub.
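As an added illustration of the kind of analysis the article describes (not Kaspersky's tool or its code), the following Python sketch parses a constructed shutdown.log excerpt into reboot sessions and flags processes that delayed shutdown while running from outside the usual system directories. The line formats, the directory allowlist, and the sample log are assumptions; the staging directory in the sample is a constructed illustration of an unusual path, not an indicator taken from the article.

```python
import re

# Assumed line formats, modelled on iOS shutdown.log (an assumption, not from the article):
#   "=== system boot: <id>"                       marks a new boot
#   "... remaining client pid: <pid> (<path>)"    a process that was still running at shutdown
BOOT_RE = re.compile(r"^=== system boot:")
CLIENT_RE = re.compile(r"remaining client pid:\s*(\d+)\s*\(([^)]+)\)")

# Directories from which reboot-delaying clients are normally expected (assumed allowlist).
EXPECTED_PREFIXES = ("/usr/sbin/", "/usr/libexec/", "/usr/bin/", "/System/", "/Applications/")


def parse_shutdown_log(text):
    """Split the log into boot sessions; each session is a list of (pid, path)
    tuples for processes that had not exited when shutdown sent SIGTERM."""
    sessions, current = [], []
    for line in text.splitlines():
        if BOOT_RE.match(line):
            sessions.append(current)
            current = []
            continue
        m = CLIENT_RE.search(line)
        if m:
            current.append((int(m.group(1)), m.group(2)))
    sessions.append(current)
    return [s for s in sessions if s]


def find_suspicious(sessions):
    """Return (session_index, pid, path) for every client whose executable
    lives outside the expected system directories."""
    return [
        (i, pid, path)
        for i, session in enumerate(sessions)
        for pid, path in session
        if not path.startswith(EXPECTED_PREFIXES)
    ]


# Constructed sample log; the second session contains an unusual executable path.
SAMPLE_LOG = """\
=== system boot: 1
SIGTERM: [0x0] remaining client pid: 59 (/usr/sbin/bluetoothd)
After 3s, there are still 1 clients remaining.
=== system boot: 2
SIGTERM: [0x0] remaining client pid: 431 (/private/var/db/com.apple.xpc.roleaccountd.staging/com.apple.WebKit.Networking)
SIGTERM: [0x0] remaining client pid: 59 (/usr/sbin/bluetoothd)
After 3s, there are still 2 clients remaining.
"""

if __name__ == "__main__":
    for idx, pid, path in find_suspicious(parse_shutdown_log(SAMPLE_LOG)):
        print(f"session {idx}: pid {pid} delayed shutdown from unexpected path {path}")
```

A real investigation would run this over the shutdown.log pulled from a sysdiagnose archive and compare flagged paths against current published indicators rather than a fixed allowlist.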
Pegasus and similar spyware frequently rely on zero-click and zero-day exploits and do not establish persistence. Because a reboot removes the infection, users are encouraged to restart their devices, which forces attackers to re-infect them repeatedly and raises the odds of detection over the long term.
Users should also enable the enhanced security modes their devices offer and make sure they are running the latest software update released by the manufacturer.