In May 2024, iVerify, a company specializing in mobile security, introduced a new feature called Mobile Threat Hunting that revealed alarming discoveries regarding the Pegasus spyware on different iOS versions. The inquiry examined 2,500 self-scanned devices and identified seven cases of Pegasus infections, indicating that around 2.5 devices per 1,000 were compromised.
Range of Infections
The compromised devices spanned various iOS versions and timeframes. The latest infection occurred on iOS 16.6, detected in late 2023, while another case traced back to November 2022 on iOS 15. The other five infections were associated with devices operating on iOS 14 and 15, with infection dates ranging from 2021 to 2022.
Broader Target Demographic
Rocky Cole, COO of iVerify, discussed with Wired that the impacted individuals weren’t just the typical targets like journalists and activists but also encompassed business leaders, entrepreneurs, and even government officials. This indicates that the reach of the attack is wider than previously believed, resembling the advanced persistent threat (APT) campaigns usually observed.
This revelation contradicts the long-held idea that Pegasus, developed by NSO Group (often referred to as Rainbow Ronin), primarily targeted high-profile individuals such as journalists and political figures. Pegasus is extremely potent, allowing complete control over a device, accessing messages, emails, photos, and call logs, and even executing zero-click attacks—where the victim doesn't have to do anything for the spyware to infiltrate their device.
Implications of Findings
While the sample of 2,500 devices is relatively small and mainly represents a group of security-aware users instead of the general population, the infection rate discovered is still considerably higher than past observations.
