You have probably seen the news that our government will be using spyware called Pegasus to hack critics' phones. There is now a tool available with which you can check whether your phone is on that list.
Amnesty International, one of the members of the Pegasus Project, has released a public toolkit that lets users check whether their phone is infected with Pegasus.
The toolkit, named MVT (Mobile Verification Toolkit), requires users to know their way around the command line. It works more effectively on iOS than on Android.
In this article, we walk you through using this tool to detect Pegasus on your iPhone, step by step.
First, create an encrypted backup of the iPhone and transfer it to a Mac or PC. You can also use Linux, but then you need to install libimobiledevice first.
Once the backup is complete, install Python 3.6 or newer on your system if you don't already have it.
Then go to Amnesty's manual, which explains how to install MVT on your system. Installing MVT gives you the Python command-line utilities used in the steps below.
Now follow the steps below to use MVT to detect Pegasus in an iPhone backup.
Step-by-step guide to using MVT to detect Pegasus on an iPhone
First, decrypt the backup. Enter the command below, replacing the placeholder paths and the password with your own:
mvt-ios decrypt-backup -p password -d /decrypted /backup
Next, run a scan on the decrypted backup using the latest IOCs (indicators of compromise) and store the results in an output folder.
You need the IOC file for this step, so download the newest IOCs from here first. Then enter the command below, substituting your own directory paths (the last argument is the folder written by the decrypt step):
mvt-ios check-backup -o /output -i /pegasus.stix2 /decrypted
When the scan finishes, MVT writes JSON files to the output folder. If any JSON file name carries the suffix _detected, the scan matched a Pegasus indicator in that data, which means your iPhone is infected with Pegasus spyware.
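The following script is an added example for the two scan steps above; it is not code from the article or from the MVT project. It wraps the decrypt and check commands exactly as the article gives them (same -p, -d, -o and -i options) in a function that is only run when mvt-ios is installed, and it then demonstrates the final check, looking for result files whose names end in _detected.json, on a constructed sample output directory. The _detected.json naming is assumed from the article's description of a "_detected" suffix on JSON files.

```shell
#!/bin/sh
# Added example (not the article's or MVT's own code). Assumes the command
# syntax shown in the article and that a module that matched an indicator
# writes a result file ending in "_detected.json".

# Run the two MVT steps from the article. Arguments: backup dir, backup
# password, decrypted dir, output dir, IOC file. Only usable where the
# mvt-ios tool is installed; the paths are caller-supplied placeholders.
run_mvt_pipeline() {
    backup="$1"; password="$2"; decrypted="$3"; output="$4"; iocs="$5"
    command -v mvt-ios >/dev/null 2>&1 || { echo "mvt-ios not installed" >&2; return 2; }
    mvt-ios decrypt-backup -p "$password" -d "$decrypted" "$backup" || return 1
    mvt-ios check-backup -o "$output" -i "$iocs" "$decrypted" || return 1
}

# List result files in an MVT output directory whose name ends in
# _detected.json. Prints one path per line; returns 0 if at least one
# such file exists, 1 otherwise.
mvt_detected_files() {
    out_dir="$1"
    found=1
    for f in "$out_dir"/*_detected.json; do
        [ -e "$f" ] || continue   # the glob matched nothing
        printf '%s\n' "$f"
        found=0
    done
    return $found
}

# Number of detection files, for a one-line summary.
mvt_detection_count() {
    mvt_detected_files "$1" | wc -l | tr -d ' '
}

# --- constructed sample output directory standing in for a real scan ---
SAMPLE_OUT="$(mktemp -d)"
: > "$SAMPLE_OUT/safari_history.json"            # constructed: clean module result
: > "$SAMPLE_OUT/sms.json"                       # constructed: clean module result
: > "$SAMPLE_OUT/safari_history_detected.json"   # constructed: simulates one indicator match

if mvt_detected_files "$SAMPLE_OUT" >/dev/null; then
    echo "Indicators matched in $(mvt_detection_count "$SAMPLE_OUT") module(s); review:"
    mvt_detected_files "$SAMPLE_OUT"
else
    echo "No _detected files: nothing matched the supplied IOCs"
fi
```

To use it on a real backup, call run_mvt_pipeline with your own paths, then point mvt_detected_files at the output folder; keep the decrypted backup and the output folder on an encrypted disk, since both contain your phone's data in clear form.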
Be aware, however, that Amnesty updates the IOCs regularly as its understanding of how Pegasus operates improves.
Therefore, make sure you are scanning with the latest IOCs so as to avoid false positives.