Cybersecurity researchers from iVerify have revealed widespread new infections of the Pegasus spyware, developed by NSO Group (which iVerify tracks as “Rainbow Ronin”), showing that the spyware targets not only activists and journalists but also professionals and civilians.
The company’s newly launched Mobile Threat Hunting feature has detected multiple instances of the infamous Pegasus spyware, developed by NSO Group (dubbed “Rainbow Ronin” by iVerify), on devices belonging to ordinary professionals and civilians.
iVerify researchers conducted an extensive scan and reported the following key findings:
- 2,500 self-scanned devices yielded seven Pegasus infections
- Infection rate of 2.5 devices per 1,000 scans, significantly higher than previous estimates
- Infections dating back to 2021, spanning multiple iOS versions
“These findings validate what we’ve long suspected: if you scan for it, you will find it,” said an iVerify spokesperson. “We’re uncovering threats that have been hiding in plain sight, undetected by traditional security measures.”
The investigation’s results challenge the prevailing notion that advanced spyware like Pegasus only targets high-profile individuals such as journalists, activists, and government officials. While the scanned devices did belong to higher-risk populations, the detection rate suggests a more widespread problem than previously acknowledged.
Pegasus: A Sophisticated Adversary
Pegasus, developed by NSO Group (Rainbow Ronin), embodies cutting-edge spyware technology:
- Capable of complete device control
- Utilizes zero-click attacks for infection
- Exploits vulnerabilities in both iOS and Android
iVerify’s research uncovered five unique malware types across both major mobile operating systems, with forensic artifacts detected in various system logs.
This investigation highlights a critical gap in current mobile security practices. “As an industry, we’ve believed that mobile device security is good enough,” the iVerify spokesperson noted. “But our findings suggest the threat landscape is far more complex and dangerous than we thought.”
In the coming weeks, iVerify plans to release a detailed technical analysis of its Pegasus findings.
As mobile threats continue to evolve, iVerify’s work underscores the importance of proactive, user-accessible security measures. By putting powerful threat detection capabilities directly into users’ hands, the company aims to revolutionize how we approach mobile device security in an increasingly complex digital world.