Pegasus spyware remains a threat to iOS devices, along with its newer versions Reign and Predator. Kaspersky researchers have introduced a new and simple detection method. It uses a system log file called Shutdown.log, which is part of the sysdiagnose archive on iOS devices. This archive stores information from each restart, providing a crucial location to spot irregularities caused by Pegasus during a device reboot. Kaspersky has also created an easy-to-use self-check tool for users to assess their vulnerability.
The analysis of the sysdiagnose dump is non-intrusive and doesn’t use many resources. It relies on system-based clues to identify potential iPhone infections. Once an infection indicator is found in this log, and the infection is confirmed using the Mobile Verification Toolkit (MVT) to process other iOS clues, this log becomes part of a comprehensive approach to investigating iOS malware infection. Kaspersky’s Lead Security Researcher, Maher Yamout, believes that this log is a reliable forensic clue for infection analysis, consistent with other Pegasus infections.
Kaspersky has created a tool to help users detect spyware on their devices. The tool uses Python 3 scripts to access and check the Shutdown.log file. It’s a free tool that works on macOS, Windows, and Linux, and you can find it on GitHub.
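As an added illustration (not Kaspersky's tool and not code from the original article), the Python below shows how a Shutdown.log check can group entries by reboot and flag processes that were still running from directories an analyst chooses to watch. The line layouts (`remaining client pid: N (path)` and `SIGTERM: [epoch]`), the sample log, the process paths and the watched prefix are all assumptions constructed for this example.

```python
import re
from dataclasses import dataclass, field

# Assumed Shutdown.log line layouts; the article does not describe the format.
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+?)\)")
SIGTERM_RE = re.compile(r"SIGTERM: \[(\d+)\]")

# Placeholder prefix. Real prefixes must come from published indicators.
WATCH = ("/private/var/EXAMPLE-WATCHED/",)

@dataclass
class Reboot:
    epoch: int                                  # timestamp on the SIGTERM line
    clients: set = field(default_factory=set)   # {(pid, path)} seen before it

def parse_reboots(text):
    """Group 'remaining client' lines under the SIGTERM line that follows them."""
    reboots, pending = [], set()
    for line in text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            # A set collapses the same process repeated across delay notices.
            pending.add((int(m.group(1)), m.group(2)))
            continue
        m = SIGTERM_RE.search(line)
        if m:
            reboots.append(Reboot(int(m.group(1)), pending))
            pending = set()
    return reboots

def flag_reboots(reboots, watch_prefixes):
    """Return (epoch, pid, path) for clients that ran from a watched directory."""
    return [(rb.epoch, pid, path)
            for rb in reboots
            for pid, path in sorted(rb.clients)
            if any(path.startswith(p) for p in watch_prefixes)]

# Constructed sample, not taken from a real device.
SAMPLE_LOG = """\
After 1.20s, these clients are still here:
\t\tremaining client pid: 101 (/usr/libexec/exampled)
After 2.40s, these clients are still here:
\t\tremaining client pid: 101 (/usr/libexec/exampled)
SIGTERM: [1700000000]
After 1.10s, these clients are still here:
\t\tremaining client pid: 207 (/private/var/EXAMPLE-WATCHED/agent)
SIGTERM: [1700086400]
"""

if __name__ == "__main__":
    for epoch, pid, path in flag_reboots(parse_reboots(SAMPLE_LOG), WATCH):
        print(f"reboot at {epoch}: pid {pid} still running from {path}")
```

A hit from a check like this is only a lead; as the article notes, it should be confirmed against other iOS artifacts with MVT.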
Protecting Against iOS Malware: Simple Steps to Enhance Security:
- Daily Reboots: Restart your device regularly to clear any potential non-persistent infections.
- Lockdown Mode: Activate iOS 16’s Lockdown Mode to block known attack methods.
- Disable iMessage and FaceTime: Reduce the risk by turning off these services to minimize potential exploits.
- Timely iOS Updates: Quickly install the latest iOS updates to stay ahead of potential hackers.
- Caution with Links: Avoid clicking on suspicious links in messages and emails.
- Regular Scans: Periodically use security tools to scan your device backups and logs.
By following these practices, Apple device users can strengthen their defenses against Pegasus spyware, making successful attacks less likely. While the Kaspersky technique is a useful tool for detecting iOS spyware, maintaining strong cybersecurity for iOS devices requires a comprehensive approach that includes both proactive measures and careful analysis.