Pegasus Strikes Again: New Spyware Infections Reveal Wider, Undetected Reach

Researchers have discovered seven new Pegasus spyware infections targeting journalists, government officials, and corporate executives, revealing that the spyware’s reach is broader than previously thought. The infections, which affected both iPhone and Android devices, occurred between 2021 and 2023, impacting iOS versions 14, 15, and 16.6. iVerify researchers identified the malware during a May 2023 scan of 2,500 users, uncovering five distinct Pegasus variants across both operating systems. The spyware left traces in diagnostic data, shutdown logs, and crash reports, with an infection rate of 2.5 per 1,000 scans—higher than any previous findings.

Pegasus, developed by Israeli firm NSO Group, is known for exploiting OS vulnerabilities and executing zero-click attacks, allowing attackers to silently monitor victims and extract sensitive data such as messages, emails, passwords, and location information. First gaining notoriety in 2021 for state-sponsored surveillance on journalists, politicians, and activists, Pegasus is now being used on a wider scale, potentially targeting individuals outside the traditional high-risk category. Security researchers have underestimated its prevalence, as traditional detection methods often fail to identify infections.

To counter such threats, organizations should implement endpoint detection and proactive threat-hunting strategies while educating employees, particularly those in high-risk roles, about mobile security risks. As spyware threats continue to grow, empowering users with better tools and awareness is crucial for defense against these invisible threats.