In May 2024, mobile security company iVerify rolled out a new mobile threat hunting feature that led to disturbing discoveries regarding Pegasus spyware across different versions of iOS. The investigation covered 2,500 automatically scanned devices and found seven Pegasus infections, meaning approximately 2.5 out of 1,000 devices were compromised.
The infected devices spanned a range of different iOS versions and time periods. The most recent case involved iOS 16.6 and was discovered in late 2023. Another infection dates back to November 2022 on iOS 15. The other five infections affected devices running iOS 14 and 15, with dates spanning from 2021 to 2022.
Rocky Cole, chief operating officer of iVerify, told Wired that the victims were not only the usual targets such as journalists and activists, but also included business leaders, entrepreneurs and even government officials. This suggests that the scope of the attack is broader than previously thought, and more in line with the types of advanced persistent threat (APT) campaigns we typically see.
The finding challenges the long-held belief that Pegasus, created by NSO Group (also known as Rainbow Ronin), primarily went after high-profile targets such as journalists and political figures. Pegasus is quite powerful, capable of fully controlling a device, accessing messages, emails, photos and call logs, and even carrying out “zero-click” attacks, in which the victim does not have to do anything for the spyware to infect their phone.
Although the sample of 2,500 devices is small and primarily focused on a group of security-conscious users rather than the general public, the infection rate seen here is much higher than we’ve seen before.