How to detect if your iOS device is affected by Pegasus spyware

To help users protect themselves from sophisticated iOS spyware threats like Pegasus, its newer variants Reign and Predator, researchers at Kaspersky have unveiled a novel, lightweight detection method.

To help users protect themselves from sophisticated iOS spyware threats like Pegasus, its newer variants Reign and Predator, researchers at Kaspersky have unveiled a novel, lightweight detection method.

Kaspersky's experts reveal that Pegasus infections leave traces in an unconventional system log called Shutdown.log, located within the sysdiagnose archive of any iOS device. This archive stores data from every reboot, making it a key location to identify anomalies caused by Pegasus when an infected device undergoes a restart.

Kaspersky experts made a tool to help users find spyware on their devices. The tool uses Python3 scripts to get and check the Shutdown.log file. The tool is free and works on macOS, Windows and Linux. You can find it on GitHub.

Additionally, the experts reveal that Spyware like Pegasus is very hard to detect and stop. But users can take protective measures to make it harder for attackers to spy on them. Kaspersky experts suggest these tips to protect your iOS device from spyware:

Some research says that Pegasus uses zero-click attacks that don't stay on the device. Restarting every day can remove the spyware, and make the attackers try again, which can be noticed.