Security & Privacy

Pegasus spyware found on 5 French cabinet members’ phones

Posted on September 23rd, 2021 by

NSO Group Pegasus Spyware on iPhone, iOS.

A new report claims that telltale signs of Pegasus spyware have been identified on at least five current French cabinet ministers’ mobile phones.

The phones reportedly belonged to Jean-Michel Blanquer, Julien Denormandie, Jacqueline Gourault, Sébastien Lecornu, and Emmanuelle Wargon. Few additional details are known at this time.

This news comes just two months after a July leak identifying tens of thousands of high-profile individuals who were allegedly potential Pegasus spyware targets. French president Emmanuel Macron was reported to be among the targeted individuals, along with hundreds of international “business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers,” and more than 180 journalists.

What is Pegasus spyware?

Pegasus is spyware developed by the NSO Group, an Israeli company that markets its technology to government intelligence and law enforcement agencies to help “prevent and investigate terror and crime.” However, leaks like the one from July have hinted that perhaps NSO Group’s customers may have abused Pegasus to spy on non-criminal targets.

Pegasus often infects devices via “zero-click” remote attacks that exploit zero-day vulnerabilities in mobile operating systems and apps. WhatsApp and SMS text messages have been used in the past to deliver Pegasus, as well as several recent and past iOS vulnerabilities. (See Intego’s past coverage of Pegasus for additional details.) Targets are usually unaware that their devices are infected with spyware.

How can I know if my iPhone or Android phone is infected with Pegasus?

Unfortunately, Apple doesn’t allow antivirus apps for iOS or iPadOS in the App Store, which can make it difficult to know if an Apple device has been infected by Pegasus or other malware.

One way to identify the existence of Pegasus spyware on an iPhone, iPad, or Android device is to use Amnesty International’s Mobile Verification Toolkit (MVT)—but it isn’t easy to use. A third-party app called iMazing claims to be able to detect evidence of Pegasus infections on iPhones, although Intego has not tested it and cannot vouch for it.

The presence of other malware besides Pegasus can be detected on iPhones by VirusBarrier X9—the only Mac antivirus product that can scan the contents of iPhones for malware.

How can I learn more?

You can read our past reporting on Pegasus spyware via our Pegasus article archives.

Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the latest Apple news, security and privacy stories, and offer practical advice on getting the most out of your Apple devices. Be sure to follow the podcast to make sure you don’t miss any episodes.

We discussed Pegasus spyware and more on episode 197 of the Intego Mac Podcast.

You can also subscribe to our e-mail newsletter and keep an eye here on Mac Security Blog for the latest Apple security and privacy news. And don’t forget to follow Intego on your favorite social media channels: Facebook, Instagram, Twitter, and YouTube.

Image credits: iPhone by Rafael Fernandez (CC BY-SA 4.0); Pegasus by Nicolas Raymond (CC BY 2.0); composition by Joshua Long, Intego (CC BY-SA 4.0).

About Joshua Long

Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned security researcher, writer, and public speaker. Josh has a master's degree in IT concentrating in Internet Security and has taken doctorate-level coursework in Information Security. Apple has publicly acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh has conducted cybersecurity research for more than 20 years, which has often been featured by major news outlets worldwide. Look for more of Josh's articles at security.thejoshmeister.com and follow him on Twitter. View all posts by Joshua Long →