Security firm iVerify said leaders of large companies were among several people whose iPhones were recently targeted by Pegasus spyware.
Journalists, human rights defenders, lawmakers, and political officials are frequently subject to state surveillance, and reports of spyware infiltrating business leaders' phones are rare but not unheard of. The findings are another warning that spyware, typically used by governments under the guise of preventing serious crime and terrorism, could also be used for commercial espionage.
In a call with TechCrunch this week, iVerify CEO Rocky Cole declined to say who was targeted, but said the spyware targeted companies that he had “heard about.” Cole, a former National Security Agency analyst, said he was “completely surprised” that business leaders contacted by iVerify would try to compromise their phones.
NSO did not comment when contacted by TechCrunch before publication. Gil Reiner, a spokesperson for NSO Group, said in an email after publication that Pegasus is “sold only to vetted U.S.-Israel allied intelligence and law enforcement agencies,” but did not say whether the spyware was used to target private company executives.
iVerify, whose app of the same name can scan mobile devices for signs of malware, said it had detected evidence of compromise on seven iPhones, some of which were running a newer version, iOS 16.6, in late 2023 at the time of detection. The seven devices were identified among 2,500 iVerify users who chose to scan their devices for possible traces of spyware in recent months, the security company said. Cole said the number of newly confirmed cases is not representative of the general population, given that the company's app users are likely at higher risk of state-sponsored targeting.
The company's app is designed to look for anomalous signals deep within the iPhone and iPad operating systems that can be caused by the side effects of a malware infection. Security companies are worried about privacy issues because Apple tightly controls the software on iPhones and iPads, making it difficult for apps like iVerify to inspect the security of other installed apps and the underlying software kernel. Within those constraints, the company analyzes other telemetry data, such as device diagnostic logs, to help determine if a device may have been compromised.
It is unclear whether the targeted iPhones were compromised at the time iVerify identified the anomalous signals. Cole said any detected signals could indicate a historical spyware breach from an earlier point in time. Some of the targeted phones may not have had the latest software updates at the time of the compromise, potentially leaving the devices exposed to older exploits.
While iVerify isn't the only way to detect if your phone is infected with spyware, Cole said his company's app can detect spyware “at scale.”
More government hackers are reusing spyware exploits
Confirmed spyware attacks against business leaders are rarely made public. Amazon founder Jeff Bezos' phone was hacked several years ago, and a United Nations report concluded there was a high possibility that it was the result of Saudi authorities buying access to Pegasus and using WhatsApp to distribute the spyware. NSO Group insisted at the time that its spyware was “not used in this case.”
Security researchers say the prevalence of spyware makes it difficult to contain its use and abuse. Earlier this year, Google sounded the alarm after its security researchers found evidence that Russian state-backed hackers had obtained an exploit that was “identical or significantly similar” to code developed by NSO Group. NSO Group says it has never sold spyware to Russia. NSO's Reiner reiterated Wednesday that the spyware maker “does not sell its products to China, Iran or Russia.”
Cole told TechCrunch that iVerify also sees the reuse of spyware exploits by hackers backed by governments such as China, Iran, and Russia becoming “more prevalent.” Cole has linked the Chinese-backed hacker group Salt Typhoon to ongoing intrusions at several major telephone and internet companies in the United States and abroad, attempting to gain access to communications networks. The company said it was investigating whether that access could have been used to identify and target individuals with phone spyware.
iVerify recently identified an increase in anomalous signals from two cell phones owned by senior Harris-Walz campaign officials, Cole told TechCrunch. Salt Typhoon was “very active” on the telephone company's network at the time.
The company said it is not yet clear whether these devices were fully compromised as the investigation is “ongoing.” The FBI is reportedly investigating whether Chinese-backed hackers used their access to phone networks to target the cellphones of senior U.S. officials with malware.
Cole said if Salt Typhoon is connected to targeting these phones, the intrusion attempt is “very likely a reuse of commercial functionality.”
Added post-publication comments for NSO.