All that needs to happen is for the victim to receive an iMessage with an attachment containing a zero-click exploit. “Without any further interaction, the message triggers a vulnerability, leading to code execution for privilege escalation and providing full control over the infected device,” says Boris Larin, principal security researcher at Kaspersky’s Global Research & Analysis Team.
Once the attacker establishes their presence on the device, he says, the message is automatically deleted.
Rise of Pegasus
The most prominent and well-known spyware is Pegasus, made by Israeli firm NSO Group to target vulnerabilities in iOS and Android software.
Spyware only exists because of vendors such as NSO Group, which claims it sells exploits to governments only to hunt criminals and terrorists. “Any customers, including governments in Europe and North America, agree not to disclose those vulnerabilities,” says Richard Werner, cybersecurity advisor at Trend Micro.
Despite NSO Group’s claims, spyware has continued to target journalists, dissidents, and protesters. Saudi journalist and dissident Jamal Khashoggi’s wife, Hanan Elatr, was allegedly targeted with Pegasus before his death. In 2021, New York Times reporter Ben Hubbard learned his phone had been targeted twice with Pegasus.
Pegasus was silently implanted onto the iPhone of Claude Magnin, the wife of the political activist Naama Asfari, who was jailed and allegedly tortured in Morocco. Pegasus has also been used to target pro-democracy protesters in Thailand, Russian journalist Galina Timchenko, and UK government officials.
In 2021, Apple filed a lawsuit against NSO Group and its parent company to hold it accountable for “the surveillance and targeting of Apple users.”
The case is still ongoing, with NSO Group attempting to dismiss the lawsuit, but experts say the problem is not going to go away as long as spyware vendors are able to operate.
David Ruiz, senior privacy advocate at security firm Malwarebytes, blames “the obsessive and oppressive operators behind spyware, who compound its danger to society.”
The Spyware Drain
If you think you may be targeted by spyware, there are only a few useful things you can do. First, enable Apple’s Lockdown Mode, which disables certain features but is surprisingly usable and can protect your iPhone from getting infected in the first place. Second, if you suspect your device is already infected, helplines are available to aid you in removing spyware, such as Access Now’s Digital Security Helpline and Amnesty International’s Security Lab.
Detecting spyware can be extremely challenging—and for sophisticated spyware like Pegasus, discovering an infection on your own is all but impossible. Less-sophisticated types of spyware can cause unusual behavior: a battery that drains quickly, unexpected shutdowns, or high data usage could be indicative of some types of infections, says Javvad Malik, lead security awareness advocate at security training organization KnowBe4. While specific apps claim to spot spyware, their effectiveness can vary, and professional assistance is often necessary for reliable detection, he says.