A recent investigation by iVerify has revealed that Pegasus spyware may be infecting mobile devices more frequently than previously acknowledged. The study, which engaged 2,500 participants using a budget-friendly app, identified seven instances of Pegasus infections across various regions. This development highlights growing concerns over digital security and the potential targeting of diverse user groups.
Earlier analyses indicated that advanced spyware like Pegasus was primarily employed against specific high-profile targets, such as journalists and political figures. However, the iVerify study suggests a broader distribution, affecting not only activists but also business leaders without direct political engagements. This shift signifies a possible expansion in the use of sophisticated spyware tools.
Methods Used in the Study
iVerify utilized a $0.99 version of its technology as an app to scan devices for threats. The investigation incorporated threat signatures established by organizations like the University of Toronto’s Citizen Lab, ensuring reliable detection of Pegasus spyware. The infections identified spanned from 2021 to 2023, with most traces being attribute-specific, indicating that the spyware was not actively running on the devices at the time of scanning.
Distribution of Infections
All seven detected Pegasus infections were located outside the United States, aligning with NSO Group’s claims that it cannot target U.S. phone numbers. These infections were distributed across Europe, the Middle East, and nations within the Global South. The victims included not just journalists and activists but also business leaders not overtly involved in political activities.
Implications for Mobile Security
The elevated rate of spyware infections uncovered by iVerify underscores the need for enhanced mobile security measures.
“Our investigation detected 2.5 infected devices per 1,000 scans — a rate significantly higher than any previously published reports,”
iVerify stated. According to Rocky Cole, chief operating officer and co-founder of the company,
“Our findings suggest that commercial spyware in particular is far more prevalent than people think,”
highlighting a shift from the previously held belief that spyware was mainly a concern for law enforcement, activists, or journalists.
The findings by iVerify indicate a significant increase in the prevalence of sophisticated spyware like Pegasus, expanding its impact beyond traditional targets. Users across various sectors, including business leaders, now find themselves potentially vulnerable to such threats. This trend necessitates immediate action from both technology providers and users to implement robust security measures and stay informed about evolving digital threats.
