Check for Pegasus on iOS

Investigating Pegasus on iOS

1. Create an encrypted backup using Finder.
2. Install MVT by running pip3 install mvt.
3. Decrypt the encrypted backup:

cd /Users/Steh/Library/Application Support/MobileSync
mvt-ios decrypt-backup Backup --destination Backup-dec`

1. Download the detection file from: AmnestyTech Investigations Repository
2. Verify the backup:

mvt-ios check-backup Backup-dec -o ioc_output -i pegasus.stix2 cytrox.stix2

References

• MVT IOCs Documentation
• Checking iOS Backups with MVT
• MVT Quick Start Guide
• Heise.de: iPhones selbst auf Pegasus und andere Spyware prüfen
• AmnestyTech Investigations Repository