While checking your phone for Pegasus spyware is no easy task, it is possible thanks to researchers at Amnesty, who worked on a toolkit called MVT, or Mobile Verification Toolkit. Interestingly, the tool can also scan for other malicious apps on the device.
The toolkit works on the command line, so it is not a polished user experience and requires basic knowledge of terminal navigation. We got it up and running in about 10 minutes, plus the time to create a new backup of an iPhone, which you’ll want to do if you want the check to be current. In order for the toolkit to be ready to scan your phone for signs of Pegasus, you’ll need to feed in Amnesty’s IOCs (indicators of compromise), which it has on its GitHub page. Whenever the indicators of compromise file is updated, download and use an updated copy.
Once you start the process, the toolkit scans your iPhone’s backup file for any evidence of compromise. The process took about a minute or two to complete and produced several files in a folder with the scan results. If the toolkit finds a possible compromise, it will say so in the generated files. In our case, we had a ‘detection’, which turned out to be a false positive and was removed from the IOCs after verification with Amnesty researchers. A re-scan using the updated IOCs returned no signs of compromise.
Since it is more difficult to detect an Android infection, MVT takes a similar but simpler approach by scanning your Android device backup for text messages that contain links to domains known to be used by NSO. The toolkit also allows you to scan for potentially malicious apps installed on your device.
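A minimal sketch of the domain-matching idea described above, added here as an illustration and not MVT's own code. The indicator domains, message records and function names are constructed for the example; matching is done on whole hostname labels so that a look-alike name that merely contains an indicator string is not flagged.

```python
import re
from urllib.parse import urlsplit

# Constructed indicator domains (reserved TLDs, not real NSO infrastructure).
IOC_DOMAINS = {"bad-redirect.example", "tracker.invalid"}

# Constructed SMS records, shaped like rows extracted from a device backup.
SAMPLE_SMS = [
    {"sender": "+15550100", "body": "Parcel held: https://cdn.bad-redirect.example/t?id=9"},
    {"sender": "+15550101", "body": "Lunch at 1? See http://menu.example.org/today"},
    {"sender": "+15550102", "body": "Verify at HTTP://TRACKER.INVALID/login."},
    {"sender": "+15550103", "body": "Docs: https://notbad-redirect.example/"},
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_of(url):
    """Return the lower-cased hostname of a URL, or "" if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return ""
    return host.rstrip(".").lower()

def matches_ioc(host, iocs):
    """True if host equals an indicator domain or is a subdomain of one."""
    labels = host.split(".")
    # Compare every label-aligned suffix: a.b.c -> a.b.c, b.c, c
    return any(".".join(labels[i:]) in iocs for i in range(len(labels)))

def scan_sms(messages, iocs):
    """Return one detection record per URL whose host matches an indicator."""
    detections = []
    for msg in messages:
        for url in URL_RE.findall(msg["body"]):
            url = url.rstrip(".,;:!?)")  # drop sentence punctuation after the link
            host = host_of(url)
            if host and matches_ioc(host, iocs):
                detections.append({"sender": msg["sender"], "url": url, "host": host})
    return detections

if __name__ == "__main__":
    for hit in scan_sms(SAMPLE_SMS, IOC_DOMAINS):
        print(hit)
```

A hit from a check like this is a lead to verify, not proof of infection, as the false positive described above shows.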