Kaspersky Lab’s Global Research and Analysis Team (GReAT) has developed an innovative method for detecting advanced spyware on iOS devices, such as Pegasus [7] [8], Reign [1] [2] [3] [4] [5] [6] [7] [8], and Predator [1] [2] [3] [4] [5] [7] [8].


GReAT has conducted a thorough analysis of Shutdown.log, a previously unexplored forensic artifact [7] [8], and has made a significant discovery: Pegasus infections leave traces in this system log [8]. By examining anomalies in the log following a device reboot [8], GReAT was able to identify instances of “sticky” processes associated with Pegasus [8]. Furthermore, they have observed a common infection path in Shutdown.log for other iOS malware like Reign and Predator [7] [8].

To assist iPhone users in detecting potential infections, Kaspersky Lab has developed a self-check utility [3] [7] [8], which is available on GitHub for macOS [7] [8], Windows [7] [8], and Linux [7] [8]. This tool can be used to identify and mitigate spyware attacks. In addition, Kaspersky Lab recommends implementing preventive measures, such as daily reboots [3], enabling Apple’s Lockdown Mode [2] [3] [4] [5], disabling iMessage and FaceTime [2] [3] [4] [5], regularly updating iOS [2] [4], and conducting system diagnostics and backup checks [4].


The development of this new method for detecting advanced spyware on iOS devices is a significant advancement in cybersecurity. It provides iPhone users with a valuable tool to protect their devices from malicious attacks. By following the recommended preventive measures, users can further safeguard their devices against spyware. This research has important implications for the future of iOS security and highlights the ongoing need for vigilance and proactive measures in the face of evolving threats.


