The online realm is growing more susceptible to attacks as we completely revolutionize the digital world. Malware-related cyberattacks are a continuous worry for both people and governments. The Pegasus spyware is the most worrisome of these threats. A device can be compromised once it has been infected, giving distant attackers access to all data and turning it into an effective monitoring tool.
Researchers at Kaspersky have unveiled a novel, lightweight detection method to help users defend themselves against sophisticated iOS spyware threats like Pegasus, its newer variants Reign and Predator. Using the Shutdown.log file, an unstudied forensic artifact, as a starting point, The Global Research and Analysis Team (GReAT) at Kaspersky has created an easy-to-use method for spotting compromise indicators. They have also developed a self-check tool that makes it simple for users to determine how vulnerable they are.
Described in detail by Kaspersky’s experts, Shutdown.log is an unusual system log that can be found in the sysdiagnose archive of any iOS device and contains evidence of Pegasus infections. When an infected device restarts, this archive holds data from each reboot, making it a crucial place to find anomalies brought on by Pegasus.
They also observed instances of “sticky” processes, primarily from Pegasus, which make reboots difficult, as well as additional spyware-related hints discovered by other experts.
The sysdiag dump analysis, which uses system-based artifacts to identify possible iPhone infections, turns out to be minimally intrusive and resource-light. This log now forms a part of a comprehensive strategy to investigate iOS malware infection, having received the infection indicator in this log and verified the infection through the processing of additional iOS artifacts by Mobile Verification Toolkit (MVT). Lead Security Researcher at Kaspersky’s Great Maher Yamout says, “We have verified that this behavior is consistent with the other Pegasus infections we examined, so we think it will be a trustworthy forensic artifact to support infection analysis.”
Experts at Kaspersky created a tool to assist users in locating spyware on their devices. The tool retrieves and examines the Shutdown.log file using Python3 scripts. Operating systems: Linux, Windows, and macOS. The tool is free. It’s available on GitHub.
Experts also disclose that spyware, such as Pegasus, is extremely difficult to identify and remove. However, users can take precautions to make it more difficult for adversaries to eavesdrop on them. These are some suggestions from Kaspersky experts to keep spyware off your iOS device:
- Restart Daily: According to some research, Pegasus employs transient zero-click attacks. Restarting on a daily basis can detectably remove the spyware and force the attackers to try again.
- Use Lockdown Mode: According to some reports, iOS malware can be prevented from entering Apple’s lockdown mode.
- Disable Facetime and iMessage: Attackers may utilize these services to launch zero-click assaults. You can reduce the chance of getting spyware by turning them off.
- Update Your Device: Make sure to install the most recent iOS updates because some spyware makes use of outdated but fixed bugs. Staying up to date can protect you from malicious users who utilize outdated malware.
- Use Links Cautiously: Avoid clicking on links in messages as some Pegasus users may employ one-click attacks via email, SMS, or other applications.
- Check Your Backups and Sysdiags: You can check your backups and Sysdiagnose files for indications of iOS malware using MVT and Kaspersky’s tools.