Despite NSO Group's claims, spyware continues to target journalists, dissidents and protesters. The wife of Saudi journalist and dissident Jamal Khashoggi, Hanan Elatr, is said to have been too focused with Pegasus before his death. In 2021, New York Times reporter Ben Hubbard taught it his phone had been targeted by Pegasus twice.
Pegasus was quietly implanted on iPhone Claude Magnínthe wife of the political activist Face Asfari, who was imprisoned and reportedly tortured in Morocco. Pegasus has also been used for aiming pro-democracy protesters in ThailandRussian journalist Galina TimchenkoAnd British government officials.
In 2021, Apple filed court case against NSO Group and its parent company to hold it responsible for “the surveillance and targeting of Apple users.”
The case is still ongoing at NSO Group to attempt to dismiss the lawsuit, but experts say the problem won't go away as long as the spyware vendors can operate.
David Ruiz, senior privacy attorney at security firm Malwarebytes, blames “the obsessive and oppressive operators behind spyware for increasing its danger to society.”
The Spyware Drain
If you encounter a zero-click exploit that delivers spyware, experts say there is very little you can do to protect yourself or restore the security of your devices. “The best thing to do if you are being targeted is to completely abandon both the hardware and any associated accounts,” said Aaron Engel, Chief Information Security Officer at ExpressVPN. “Buy a new computer, get a new phone number, and create completely new accounts tied to the device.”
Detecting spyware can be challenging, but unusual behavior such as rapid battery drain, unexpected shutdowns or high data usage can indicate an infection, says Javvad Malik, chief security awareness attorney at security training organization KnowBe4. Although specific apps claim to detect spyware, their effectiveness can vary and professional help is often needed for reliable detection, he says.
Chris Hauk, consumer privacy advocate at Pixel Privacy, agrees that battery drain is a strong indicator of spyware on your device. “Most spyware is not designed to work efficiently,” he says.
Users should also look out for apps they don't have installed, forced redirects because a browser has been hijacked, and changed settings in their default browser or search engine.
Earlier this year, Kaspersky's team arrived introduced a method to detect indicators of infection by iOS spyware such as Pegasus, Reign and Predator. It is effective because Pegasus infections leave traces in the unexpected system log Shutdown.log, stored in the sysdiagnosis archive of iOS devices, the security organization says.
Another step you can take to secure your device is to make sure you restart it at least once a day. “This necessitates that attackers repeatedly reinfect, increasing the likelihood of detection over time,” Larin said.
If you might be a target, you can also disable iMessage and FaceTime to reduce the risk of falling victim to zero-click attacks. At the same time, keep your device updated with the latest software and avoid clicking on links you receive in messages such as emails.
“To protect against known vulnerabilities, update to the latest software version, use multi-factor authentication, and only install applications from verified and legitimate sources,” said Adam Price, cyber threat intelligence analyst at Cyjax.
If you do become a victim, there are helplines available for help with spyware removal, such as those from Access Now Digital security helpline and that of Amnesty International Security laboratory. Meanwhile from Apple Lockdown mode– which disables certain features but is surprisingly useful – can protect your iPhone from infections at all.