You can check your iPhone for Pegasus spyware (unlikely as it is)

Check your iPhone for Pegasus

It’s extremely unlikely that your phone has been hacked using NSO software, but there is now a way to check your iPhone for Pegasus spyware – or, at least, some tell-tale signs.

The spyware was used to target human rights activists, lawyers, journalists, and politicians, and has been linked to assaults and murder of dissidents, so the chances of a random iPhone user being impacted are exceedingly low …

However, if you are concerned, Amnesty International has released a tool designed to help you check.

The bad news, as TechCrunch explains, is that it’s not an entirely straightforward process.

The Mobile Verification Toolkit, or MVT, works on both iPhones and Android devices, but slightly differently. Amnesty said that more forensic traces were found on iPhones than Android devices, which makes it easier to detect on iPhones. MVT will let you take an entire iPhone backup (or a full system dump if you jailbreak your phone) and feed in for any indicators of compromise (IOCs) known to be used by NSO to deliver Pegasus, such as domain names used in NSO’s infrastructure that might be sent by text message or email. If you have an encrypted iPhone backup, you can also use MVT to decrypt your backup without having to make a whole new copy.

The toolkit works on the command line, so it’s not a refined and polished user experience and requires some basic knowledge of how to navigate the terminal. We got it working in about 10 minutes, plus the time to create a fresh backup of an iPhone, which you will want to do if you want to check up to the hour. To get the toolkit ready to scan your phone for signs of Pegasus, you’ll need to feed in Amnesty’s IOCs, which it has on its GitHub page. Any time the indicators of compromise file updates, download and use an up-to-date copy.

Once you set off the process, the toolkit scans your iPhone backup file for any evidence of compromise. The process took about a minute or two to run and spit out several files in a folder with the results of the scan. If the toolkit finds a possible compromise, it will say so in the outputted files.

You can download the tool from GitHub, and find detailed documentation here.

There has been some misreporting of the spyware, suggesting that iPhones were somehow more vulnerable. The reality is that Amnesty focused its efforts on iPhones because the improved security they offer make it easier to detect when a phone has been compromised. It is possible to check Android phones, but with many more false negatives.

Photo: Loïc Lassence/Unsplash

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:



Introduced in 2007 by Steve Jobs, iPhone is Apple's flagship iOS device and easily its most popular product around the world. The iPhone runs iOS and includes a large collection of mobile apps through the App Store.


Privacy is a growing concern in today's world. Follow along with all our coverage related to privacy, security, and more in our guide.


About the Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!

Ben Lovejoy's favorite gear


Dell 49-inch curved monitor