Despite NSO Group’s claims, spyware has continued to target journalists, dissidents, and protesters. Saudi journalist and dissident Jamal Khashoggi’s wife, Hanan Elatr, was allegedly targeted with Pegasus before his death. In 2021, New York Times reporter Ben Hubbard learned his phone had been targeted twice with Pegasus.
Pegasus was silently implanted onto the iPhone of Claude Magnin, the wife of the political activist Naama Asfari, who was jailed and allegedly tortured in Morocco. Pegasus has also been used to target pro-democracy protesters in Thailand, Russian journalist Galina Timchenko, and UK government officials.
In 2021, Apple filed a lawsuit against NSO Group and its parent company to hold it accountable for “the surveillance and targeting of Apple users.”
The case is still ongoing, with NSO Group attempting to dismiss the lawsuit, but experts say the problem is not going to go away as long as spyware vendors are able to operate.
David Ruiz, senior privacy advocate at security firm Malwarebytes, blames “the obsessive and oppressive operators behind spyware, who compound its danger to society.”
The Spyware Drain
If you are faced with a zero-click exploit delivering spyware, experts say there is very little you can do to protect yourself or restore security to your devices. “The best thing to do if you are targeted is to entirely abandon both the hardware and any associated accounts,” says Aaron Engel, chief information security officer at ExpressVPN. “Get a new computer, get a new phone number, and create completely new accounts linked to the device.”
Detecting spyware can be challenging, but unusual behavior such as your battery draining quickly, unexpected shutdowns, or high data usage could be indicative of an infection, says Javvad Malik, lead security awareness advocate at security training organization KnowBe4. While specific apps claim to spot spyware, their effectiveness can vary, and professional assistance is often necessary for reliable detection, he says.
Chris Hauk, consumer privacy advocate at Pixel Privacy, agrees battery drain is a strong indicator of spyware on your device. “Most spyware has not been developed to run efficiently,” he says.
Users should also be on the lookout for apps they haven’t installed, forced redirects due to a browser being hijacked, and changed settings in their default browser or search engine.
Earlier this year, Kaspersky’s team introduced a method to detect indicators of infection from iOS spyware such as Pegasus, Reign, and Predator. It is effective because Pegasus infections leave traces in an unexpected system log, Shutdown.log, which is stored within an iOS device’s sysdiagnose archive, the security outfit says.
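As an added illustration (not code from Kaspersky or from this article), the sketch below scans the text of a Shutdown.log for processes that were still running at reboot from unusual locations. The entry format and the flagged path prefixes are assumptions based on Kaspersky's public description of the method, and the sample log is constructed.

```python
import re

# Assumed entry format (not given in this article): "remaining client pid: N (path)"
# lines list processes that delayed a reboot, and a "SIGTERM: [unix time]" line
# closes each reboot record.
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
SIGTERM_RE = re.compile(r"SIGTERM: \[(\d+)\]")

# Assumed suspicious locations: writable data directories where system
# daemons are not normally installed.
SUSPICIOUS_PREFIXES = ("/private/var/db/", "/private/var/tmp/")

# Constructed sample input, not taken from a real device.
SAMPLE_LOG = """\
After 1.00s, these clients are still here:
\t\tremaining client pid: 85 (/usr/libexec/locationd)
\t\tremaining client pid: 412 (/private/var/db/example_agent/helper)
After 2.00s, these clients are still here:
\t\tremaining client pid: 412 (/private/var/db/example_agent/helper)
SIGTERM: [1700000000] All buses/clients gone. Unmounting "/private/var"
After 1.00s, these clients are still here:
\t\tremaining client pid: 90 (/usr/sbin/mediaserverd)
SIGTERM: [1700086400] All buses/clients gone. Unmounting "/private/var"
"""

def scan_shutdown_log(text):
    """Return one finding per reboot record and suspicious process path."""
    findings = []
    pending = {}  # path -> pid, deduplicated within the current reboot record
    for line in text.splitlines():
        client = CLIENT_RE.search(line)
        if client:
            pid, path = int(client.group(1)), client.group(2)
            if path.startswith(SUSPICIOUS_PREFIXES):
                pending[path] = pid
            continue
        sigterm = SIGTERM_RE.search(line)
        if sigterm:
            when = int(sigterm.group(1))
            findings += [{"reboot_time": when, "pid": p, "path": q}
                         for q, p in pending.items()]
            pending = {}
    # A log cut off before its SIGTERM line still reports what was seen.
    findings += [{"reboot_time": None, "pid": p, "path": q}
                 for q, p in pending.items()]
    return findings
```

A hit from a scan like this is a lead for professional analysis, not proof of infection.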
Another step you can take to safeguard your device is to ensure you restart it at least once a day. “This makes it necessary for attackers to repeatedly reinfect, increasing the chances of detection over time,” Larin says.
If you might be a target, you can also disable iMessage and FaceTime to reduce the risk of falling victim to zero-click attacks. At the same time, keep your device updated to the latest software and avoid clicking on links received in messages such as emails.
“Update to the latest software version to protect against known vulnerabilities, use multifactor authentication, and only install applications from verified and legitimate sources,” says Adam Price, cyber threat intelligence analyst at Cyjax.
If you do become a victim, helplines are available for aid in removing spyware, such as Access Now’s Digital Security Helpline and Amnesty International’s Security Lab. Meanwhile, Apple’s Lockdown Mode—which disables certain features but is surprisingly usable—can protect your iPhone from getting infected in the first place.