
Kaspersky's technique can detect whether an iPhone is infected with Pegasus

Kaspersky's research team has found that Pegasus leaves traces in Shutdown.log, a file contained in an iOS device's sysdiagnose archive, and confirmed the finding with the Mobile Verification Toolkit.
Last Updated : 19 January 2024, 06:51 IST


The world's two biggest democracies, India and the United States of America, are gearing up for high-stakes elections this year. There is a high probability of disinformation and espionage aimed at altering the democratic process.

Criminals will use every available means to discredit potential winners, either by spreading fake news or by targeting them with spy tools that hack smartphones, steal sensitive personal photos, videos and files, and leak them to social media platforms to damage their public image.

Spyware is a tough nut to crack, but Kaspersky's Global Research and Analysis Team (GReAT) has come up with a lightweight way to detect Pegasus and similar espionage tools such as Reign and Predator.

By analysing sysdiagnose dumps and cross-checking the results with the Mobile Verification Toolkit (MVT), the open-source forensic tool developed by Amnesty International's Security Lab, the research team discovered that Pegasus leaves traces in Shutdown.log, a file stored in any iOS device's sysdiagnose archive.

"The sysdiag dump analysis proves to be minimally intrusive and resource-light, relying on system-based artifacts to identify potential iPhone infections. Having received the infection indicator in this log and confirmed the infection using the Mobile Verification Toolkit's (MVT) processing of other iOS artifacts, this log now becomes part of a holistic approach to investigating iOS malware infection. Since we confirmed the consistency of this behavior with the other Pegasus infections we analyzed, we believe it will serve as a reliable forensic artifact to support infection analysis."
said Maher Yamout, Lead Security Researcher at Kaspersky's GReAT.

This is a genuine step forward, because Pegasus is built to avoid detection even under sophisticated screening. The Shutdown.log artifact gives investigators a lightweight indicator to look for early. Finding it confirms a suspected infection rather than removing the spyware, so a flagged device still needs a full forensic examination.

Kaspersky has released open-source Python 3 scripts on GitHub that let people check their own iPhones for the presence of Pegasus. The scripts help with extracting, analysing and parsing the Shutdown.log artifact from a sysdiagnose archive, and they run on macOS, Windows and Linux. One caveat: Shutdown.log is only written when the device reboots, so the indicator can appear only if the phone has been restarted while the spyware was running.
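To show what parsing this artifact looks like in practice, here is an added Python example; it is not Kaspersky's script and not part of the original article. It assumes Shutdown.log has already been pulled out of the sysdiagnose archive, that the file contains lines of the shape `SIGTERM: [...]`, `After N s, there are still M clients` and `remaining client pid: N (path)`, and that processes lingering under /private/var/db/com.apple.xpc.roleaccountd.staging/ are the indicator to flag. The prefix list and the embedded sample log are constructed for illustration and should be replaced with current indicators from MVT or Kaspersky's repository.

```python
"""Parse an iOS Shutdown.log and flag processes that linger at shutdown.

Added example, not Kaspersky's tool. The line format and the indicator
prefixes below are assumptions made for illustration.
"""
import re
import sys
from dataclasses import dataclass, field

# ASSUMPTION: path prefix under which Kaspersky's write-up reported
# Pegasus-related processes still running at reboot. Replace with current IOCs.
SUSPICIOUS_PREFIXES = ("/private/var/db/com.apple.xpc.roleaccountd.staging/",)

# ASSUMPTION: the three Shutdown.log line shapes this parser understands.
# Anything else (timestamps, boot markers) is ignored.
SIGTERM_RE = re.compile(r"^SIGTERM: \[(0x[0-9a-fA-F]+)\]")
STILL_RE = re.compile(r"^After (\d+) s, there are still (\d+) clients")
CLIENT_RE = re.compile(r"^remaining client pid: (\d+) \((.+)\)$")


@dataclass
class ShutdownEvent:
    """One reboot: its SIGTERM marker, the delay checkpoints, and pid -> path."""
    marker: str
    delays: list = field(default_factory=list)
    clients: dict = field(default_factory=dict)


def parse_shutdown_log(text):
    """Group log lines into reboot events and return them in file order."""
    events = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SIGTERM_RE.match(line)
        if m:                       # a new shutdown sequence starts here
            current = ShutdownEvent(marker=m.group(1))
            events.append(current)
            continue
        if current is None:         # lines before the first SIGTERM marker
            continue
        m = STILL_RE.match(line)
        if m:
            current.delays.append(int(m.group(1)))
            continue
        m = CLIENT_RE.match(line)
        if m:                       # the same pid may repeat across checkpoints
            current.clients[int(m.group(1))] = m.group(2)
    return events


def find_suspicious(events, prefixes=SUSPICIOUS_PREFIXES):
    """Return (event_index, pid, path) for each lingering client under a flagged prefix."""
    return [
        (i, pid, path)
        for i, ev in enumerate(events)
        for pid, path in sorted(ev.clients.items())
        if path.startswith(prefixes)
    ]


def max_delay(events):
    """Longest recorded wait for clients to exit, in seconds (0 if none)."""
    return max((d for ev in events for d in ev.delays), default=0)


# Constructed sample log for offline demonstration; NOT captured from a device.
SAMPLE_LOG = """\
SIGTERM: [0x1a2b]
After 0 s, there are still 1 clients
remaining client pid: 88 (/usr/libexec/mobileassetd)
SIGTERM: [0x3c4d]
After 0 s, there are still 2 clients
remaining client pid: 90 (/usr/sbin/mediaserverd)
remaining client pid: 1337 (/private/var/db/com.apple.xpc.roleaccountd.staging/com.apple.WebKit.Networking)
After 5 s, there are still 1 clients
remaining client pid: 1337 (/private/var/db/com.apple.xpc.roleaccountd.staging/com.apple.WebKit.Networking)
"""


def main(argv):
    """Usage: python shutdown_log_check.py [path/to/Shutdown.log]; exit 1 on a hit."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    events = parse_shutdown_log(text)
    print(f"{len(events)} reboot event(s), longest client wait {max_delay(events)} s")
    hits = find_suspicious(events)
    for i, pid, path in hits:
        print(f"SUSPICIOUS: reboot #{i + 1} pid {pid} {path}")
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

A real investigation would diff the flagged paths against a current MVT indicator set rather than a single hard-coded prefix, and would treat a long wait for clients to exit as a secondary signal, not proof on its own.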

People with a good understanding of the iPhone's software and hardware internals can run the check themselves. Those who are unsure should ask a trustworthy mobile repair shop or a tech-savvy friend or colleague for help.

Tips on how to protect yourself from Pegasus-like spyware on smartphones

-- Citizen Lab and Amnesty International suggest rebooting the phone every day. Zero-click spyware such as Pegasus typically does not persist across reboots, so a restart clears it from memory and forces the attackers to re-infect the device, raising their cost and their risk of exposure. Each reboot also gives Shutdown.log a chance to record a lingering spyware process.

-- If you suspect that your iPhone is being targeted, turn on Lockdown Mode. It shrinks the attack surface by disabling features that mercenary spyware commonly abuses, such as most message attachment types, link previews, some complex web technologies and unsolicited invitations from unknown contacts. Lockdown Mode restricts several features and apps, so expect some loss of functionality.

-- Whenever the device manufacturer releases a security patch or OS update, install it as soon as possible.

-- Never click links sent by email or SMS from an unknown sender. Even when the sender is known, be cautious and avoid the link if it is unexpected.

-- Never install apps from websites or sideload apps from third-party app stores.

-- Download apps only from the Google Play Store, the Apple App Store or the Microsoft Store.

Published 19 January 2024, 06:51 IST
