Spyware on the Rise: Routine Device Checks Reveal Shockingly High Infection Rates
The world of mobile security has been shaken by findings from iVerify, a mobile device security firm, which suggest that the use of commercial spyware like Pegasus is far more widespread than previously thought. The company, using its Mobile Threat Hunting feature, analyzed 2,500 devices and uncovered seven infections by the notorious NSO Group malware. What’s particularly alarming is the profile of those targeted:
“The really fascinating thing is that the people who were targeted were not just journalists and activists, but business leaders, people running commercial enterprises, people in government positions,” says Rocky Cole, chief operating officer of iVerify and a former US National Security Agency analyst. “It looks a lot more like the targeting profile of your average piece of malware or your average APT group than it does the narrative that’s been out there that mercenary spyware is being abused to target activists. It is doing that, absolutely, but this cross section of society was surprising to find.”
This discovery forces us to reconsider the prevailing perception that spyware attacks are limited to a small group of high-profile targets. Could your own phone be vulnerable?
While seven out of 2,500 scans might seem like a small number, it’s crucial to consider the demographics of iVerify’s user base, which is made up of individuals already concerned about mobile security. This finding could be a glimpse into a vast, previously undetected problem.
“The age of assuming that iPhones and Android phones are safe out of the box is over,” Cole asserts. “The sorts of capabilities to know if your phone has spyware on it were not widespread. There were technical barriers and it was leaving a lot of people behind. Now you have the ability to know if your phone is infected with commercial spyware. And the rate is much higher than the prevailing narrative.”
The challenge lies in the highly sophisticated nature of spyware like Pegasus, which is designed to evade detection. iVerify’s breakthrough came from developing unique detection techniques that analyze device telemetry: diagnostic data, shutdown logs, and crash logs.
“NSO Group sells its products exclusively to vetted US & Israel-allied intelligence and law enforcement agencies,” NSO Group spokesperson Gil Lainer told WIRED in a statement. “Our customers use these technologies daily.”
However, this statement provides little comfort: the findings highlight the need for widely accessible ways to tell whether a phone is infected with commercial spyware. In a world where our smartphones hold vast amounts of personal and professional data, the threat posed by spyware is undeniable.
iVerify’s Mobile Threat Hunting feature is already proving its value. The tool has helped identify spyware on the phone of Gurpatwant Singh Pannun, a Sikh political activist targeted in an alleged assassination plot. Similarly, suspicious activity was flagged on the mobile devices of two campaign officials during the recent presidential race.
These real-world examples underscore the urgent need for individuals and organizations to be proactive in protecting themselves from this increasingly common threat. The era of complacency regarding mobile device security is over.