
Apple sues Pegasus spyware maker. How to check if your iPhone has NSO Group software

The odds are low your iPhone or iPad is infected by Pegasus spyware, but here's how to check just in case.

Jason Cipriani Contributing Writer, ZDNet

You'll need to connect your iPhone to your computer to check for Pegasus spyware. 


In the ongoing battle between Apple and the Pegasus spyware, the iPhone maker today said it was suing the NSO Group -- the maker of surveillance software. Apple said in a release that it is seeking to protect its users from "further abuse and harm" with a permanent injunction to ban NSO Group from using the iPhone maker's hardware, software or devices.

The spyware can be remotely installed on a target's iPhone or iPad, granting the person or organization who installed it full access to the device and all the data it holds -- without the owner taking any action. That includes text messages, emails and even recording phone calls. Pegasus was originally designed and is marketed by its creator the NSO Group to monitor criminals and terrorists.

In September, Apple released an iPhone security patch in iOS 14.8 that closed a vulnerability reportedly exploited by invasive spyware built by NSO Group.

While there's probably little chance a government entity would install Pegasus on your iPhone to monitor your activities, if you are curious, there's a free tool that allows you to check your iPhone or iPad with a few clicks. To be clear, the odds of your iPhone or iPad being infected by the Pegasus spyware are low. That said, if you want peace of mind -- just in case -- here's what you need to do, along with installing the iOS update.


Download and install iMazing's app on your Mac or PC

iMazing has updated its desktop app to include Amnesty International's Mobile Verification Toolkit, which was built to detect signs of Pegasus on a device. The company isn't charging for access to the feature. 

Download iMazing for your computer from the company's website. Don't worry about buying the app: You can run the full spyware test using just the free trial.

Install iMazing and open it. When prompted, select the free trial. 


The longest part is waiting for the app to make a backup of your iPhone or iPad. 


How to run the Pegasus Spyware scan on your iPhone or iPad

With iMazing installed and running, connect your iPhone or iPad to the computer. You may have to enter the Lock Screen code on your device to approve the connection before proceeding (something to keep in mind if your iPhone or iPad isn't showing up in iMazing). 

Next, scroll down through the action options on the right-hand side of iMazing until you locate Detect Spyware; click it. 

A new window will open, guiding you through the process. The tool works by creating a local backup of your device (so you'll need to make sure you have enough storage space for the backup), and then analyzing that backup. It's an automated task, so you don't have to stick around to monitor it once you click start. 

iMazing suggests leaving all of the default settings in place as you click through each screen. There are configuration options built into the tool for advanced users, but for most of us (including myself), the default configuration settings will get the job done. 

After going through the basic configuration, you'll need to accept a license for the tool and then click the Start Analysis button. 

Once the process starts, make sure you leave your iPhone or iPad connected until it's finished. I ran the test on my iPhone 12 Pro and it took around 30 minutes to create the backup and another five minutes for it to be analyzed. After the backup was created, I did have to enter my account password to allow iMazing to begin analyzing the file. Because of that, I recommend starting the tool and checking on it after a while. 

Once iMazing begins analyzing your device's backup, it'll show you its progress by displaying each individual app it's checking, starting with iMessage. The app is using a database of known "malicious email addresses, links, process names and file names."

When iMazing finishes, you'll see an alert with the results. In my case, my iPhone 12 Pro showed no signs of infection and had 0 warnings. 

The alert also includes two buttons to open or reveal the report. I looked through my report, and it contained a bunch of random links that meant nothing to me. 


At the end of the scan, the results are displayed in an easy-to-read alert. 


What to do if the iMazing app says your device has signs of an infection

First of all, don't panic. It could be a false positive. If this happens, iMazing asks that you send the report (click Reveal Report to go directly to the file) to its customer support team for further analysis. The company does suggest, however, that if you or a family member are active in a "politically sensitive context" and have a positive report, you should immediately remove your SIM card and turn off your iPhone or iPad.
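To illustrate how a scan against a database of known "malicious email addresses, links, process names and file names" can produce a false positive, here is an added example (not iMazing's or Amnesty International's code). Every indicator value and backup record in it is a constructed placeholder, and the strict/loose matching rules are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed placeholder indicators, one set per category the article lists.
INDICATORS = {
    "domain": {"bad-tracker.example"},
    "email": {"lure@mail.example"},
    "process": {"fakeprocd"},
    "file": {"/private/var/tmp/fake.plist"},
}

# Constructed records standing in for values extracted from a device backup.
RECORDS = [
    {"source": "sms", "text": "Your parcel: https://cdn.bad-tracker.example/t?id=1"},
    {"source": "safari", "text": "https://notbad-tracker.example/blog"},
    {"source": "accounts", "text": "LURE@mail.example"},
    {"source": "process_log", "text": "fakeprocd"},
    {"source": "process_log", "text": "mediaserverd"},
    {"source": "manifest", "text": "/private/var/tmp/fake.plist"},
]

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def hosts_in(text):
    """Return the hostnames of every URL found in text (lower-cased)."""
    return {h for h in (urlsplit(u).hostname for u in URL_RE.findall(text)) if h}

def match_record(record, strict=True):
    """Return sorted (category, indicator) hits for one record."""
    text = record["text"].strip().lower()
    hits = set()
    for category, values in INDICATORS.items():
        for ioc in values:
            if not strict:
                hit = ioc in text  # substring anywhere: over-matches
            elif category == "domain":
                hit = any(h == ioc or h.endswith("." + ioc) for h in hosts_in(text))
            else:
                hit = text == ioc  # whole-value match
            if hit:
                hits.add((category, ioc))
    return sorted(hits)

def scan(records, strict=True):
    """Return (source, category, indicator) warnings across all records."""
    return [(r["source"], c, i) for r in records for c, i in match_record(r, strict)]

if __name__ == "__main__":
    for mode in (True, False):
        print("strict" if mode else "loose", scan(RECORDS, strict=mode))
```

Strict matching reports four warnings. Loose substring matching adds a fifth for the look-alike host `notbad-tracker.example`, the kind of hit that warrants further analysis before it is treated as an infection.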

If your phone is not infected, you still want to install the latest update on your iPhone, iPad, Apple Watch and Mac, which addresses the vulnerability.
