In May 2024, mobile security company iVerify rolled out a new Mobile Threat Hunting feature that uncovered some concerning findings about the Pegasus spyware on various versions of iOS. The investigation looked at 2,500 devices that were self-scanned, and it found seven infections from Pegasus, which means about 2.5 devices out of every 1,000 had been compromised.
The infected devices covered a range of iOS versions and different time periods. The most recent case was on iOS 16.6, found in late 2023. Another infection dated back to November 2022 on iOS 15. The remaining five infections were on devices running iOS 14 and 15, with dates spanning from 2021 to 2022.
iVerify's COO Rocky Cole shared with Wired that the victims weren’t just the usual targets like journalists and activists, but also included business leaders, entrepreneurs, and even government officials. This suggests that the scope of the attack is broader than previously thought, and more in line with the kinds of advanced persistent threat (APT) campaigns we usually see.
This finding challenges the long-standing belief that Pegasus, created by NSO Group (also known as Rainbow Ronin), mostly went after high-profile targets like journalists and political figures. Pegasus is pretty powerful, with the ability to fully control a device, access messages, emails, photos, and call logs, and even carry out zero-click attacks—meaning the victim doesn’t have to do anything for it to infect their phone.
Though the 2,500-device sample is small and focused mainly on a group of security-conscious users rather than the general public, the infection rate found here is still much higher than what we've seen before.
Source(s)
iVerify (in English)