This post is also available in:
עברית (Hebrew)
New findings by iVerify, a mobile security platform, suggest that Pegasus, the powerful spyware developed by the Israeli NSO Group, may be more pervasive than previously believed. After scanning 2,500 devices, iVerify uncovered seven instances of Pegasus infections, revealing that this sophisticated malware is not only targeting high-profile individuals, but is also affecting everyday phone users.
The company’s scanning tool, made publicly available in May 2024, was used by users to check their devices for the spyware. The discovery of seven infections may seem small, but the company calls it a “massive red flag” for mobile security. This represents a rate of 2.5 infections per 1,000 devices—much higher than earlier assumptions. Previously, investigations into Pegasus were mostly limited to a small sample of high-risk individuals, but these new findings indicate a wider reach.
The detected infections date back to late 2023, while others go back as far as 2021. Despite Pegasus’s known ability to operate in memory and self-delete, traces of the spyware were still detectable on the devices through diagnostic data and system logs.
Pegasus is notorious for its ability to exploit vulnerabilities in both iOS and Android devices, providing complete control over the device, including access to messages, photos, calls and emails. The spyware is delivered as a “zero-click” attack, meaning it can infect a device without the user ever interacting with it. iVerify’s discovery highlights the difficulty in detecting such advanced spyware, as it often evades traditional security measures.
The company hopes that by making this tool available to the public, it can shine a light on the hidden dangers of mobile security and encourage better protection against these invisible threats. As Pegasus continues to raise concerns, both privacy advocates and security experts are calling for more transparency and stronger defenses against such invasive technologies.
