2024-02-25 07:23:00
Last Thursday (22), Kaspersky released something new to keep your iPhone safer. The company’s Global Research and Analysis Team (GReAT) has discovered a method to identify spyware on iOS, such as Pegasus and the more recent Reign and Predator.
The method works by analyzing the “Shutdown.log” file. Experts found unexpected traces of Pegasus in this system log, whose main task is to keep information on all boot sessions, including anomalies generated by the malware if the infected user restarts the phone.
By studying the file on Pegasus-infected devices, researchers noticed a common path, “/private/var/db/”, which mirrors paths also seen in other malware, such as Reign and Predator.
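The check described above can be sketched as follows. This is an added example, not Kaspersky's utility: the log line layout, the function name find_suspect_entries and the sample log are assumptions constructed for illustration; only the “/private/var/db/” path comes from the article.

```python
import re

# Directory the article names as common to the Pegasus traces.
SUSPECT_PREFIX = "/private/var/db/"

# Assumed entry layout (not given in the article): a process that delays the
# reboot is logged as "remaining client pid: <pid> (<path>)", and each reboot
# session ends with a "SIGTERM: [<unix time>]" line.
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+?)\)")
REBOOT_RE = re.compile(r"SIGTERM: \[(\d+)\]")

# Constructed sample log: two reboot sessions, the second with a suspect path.
SAMPLE_LOG = """\
After 1.00s SIGTERM: [remaining client pid: 101 (/usr/libexec/exampled)]
SIGTERM: [1700000000] All buses clean. Unmounting and finishing shutdown.
After 1.00s SIGTERM: [remaining client pid: 244 (/private/var/db/example_dir/example_proc)]
After 2.00s SIGTERM: [remaining client pid: 244 (/private/var/db/example_dir/example_proc)]
After 2.00s SIGTERM: [remaining client pid: 102 (/usr/libexec/exampled)]
SIGTERM: [1700086400] All buses clean. Unmounting and finishing shutdown.
"""

def find_suspect_entries(log_text, prefix=SUSPECT_PREFIX):
    """Return one finding per reboot session with processes running from `prefix`."""
    findings, pending = [], {}
    for line in log_text.splitlines():
        client = CLIENT_RE.search(line)
        if client:
            pid, path = int(client.group(1)), client.group(2)
            if path.startswith(prefix):
                pending[(pid, path)] = None  # de-duplicate repeated delay lines
            continue
        reboot = REBOOT_RE.search(line)
        if reboot:  # end of a reboot session: flush what was collected
            if pending:
                findings.append({"reboot_epoch": int(reboot.group(1)),
                                 "processes": list(pending)})
            pending = {}
    if pending:  # truncated log: entries with no closing reboot marker
        findings.append({"reboot_epoch": None, "processes": list(pending)})
    return findings

if __name__ == "__main__":
    for finding in find_suspect_entries(SAMPLE_LOG):
        print(finding["reboot_epoch"], finding["processes"])
```

A hit is an artifact to support further infection analysis, in line with the researcher's description, not a verdict on its own.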
“Sysdiag analysis is minimally invasive and uses few resources, using system-based data to identify possible iPhone infections. As we have confirmed the consistency of this behavior with other Pegasus infections we have analyzed, we believe this will serve as a reliable forensic artifact to support infection analysis.”
Maher Yamout
Chief Security Researcher at Kaspersky GReAT Team
Kaspersky has developed a self-check utility for users to evaluate the “Shutdown.log” artifact and detect any anomalies. The tool was published on GitHub, with availability for macOS, Windows and Linux systems.
How to protect yourself?
To make it harder for attackers to act, Kaspersky experts also recommended measures for iOS users. The first is to restart the device daily, since Pegasus relies on “zero-click” and “zero-day” exploits without persistence. Restarting regularly cleans the device, so attackers would have to reinfect it repeatedly.
It’s also worth exploring Apple’s newly added Lockdown Mode to help contain malware infections. Another tip is to disable iMessage and FaceTime, as they are enabled by default and can be vectors for a cyber attack.
It is also worth keeping your smartphone updated so that the latest patches, with possible vulnerability fixes, are installed, and checking backups and sysdiag regularly with antivirus tools that can perform the check. Finally, avoid clicking on links received in messages, whether by SMS, email or other messengers.