Top Menu

How to check for Pegasus iOS Spyware on your iPhone or iPad

What is Pegasus Spyware?

Pegasus is professionally developed and highly advanced in its use of zero-day vulnerabilities, code obfuscation, and encryption. It uses sophisticated function hooking to subvert OS- and application-layer security in voice/audio calls and apps including Gmail, Facebook, WhatsApp, Facetime, Viber, WeChat, Telegram, Apple’s built-in messaging and email apps, and others. It steals the victim’s contact list and GPS location, as well as personal, Wi-Fi, and router passwords stored on the device. The iOS version of the attack uses what we refer to as Trident, an exploit of three related zero-day vulnerabilities in iOS, which Apple patched in iOS 9.3.5

Here’s how to check if your iOS device is infected with Pegasus spyware that Apple patched in iOS 9.3.5 firmware. If you do not yet have Lookout, you can download the Lookout app from the Apple App Store and then create an account with your email address and a password of your choosing.

Lookout_Launch Lookout_Sign_In

Open the Lookout app on your device. Confirm that your Lookout dashboard shows a green “check” in the Security section, indicating that everything is OK.

Lookout_Security2If you see a yellow “exclamation mark” instead, tap on “Security”. On the next screen tap “System Advisor”. You will be taken to the “System Advisor” description screen. If your device is impacted by the Pegasus threat, you will see the following screen and message.


On jail-broken devices, the “Security” will either show “Warning” or “Caution”. Tap on Security, and then on “System Advisor”, if it just shows “Your iPhone has been jail-broken” message, it means your jail-broken device is fine. But if it shows “Your iPhone has been compromised” message like in the screenshot above, it means your jail-broken device is infected with Pegasus.

Download Lookout from App Store.


In-depth technical read (PDF format) on how Pegasus works:

, , , , , , , , ,