What is Pegasus Malware?
Pegasus is a highly sophisticated form of spyware designed to covertly monitor and control targeted devices. Initially created for lawful surveillance by governments, this tool has been notably abused to conduct unauthorized surveillance. With capabilities such as collecting messages, tracking location, and recording audio and video, Pegasus is one of the most invasive malware threats identified to date.
When was Pegasus first discovered?
Pegasus was first discovered in August 2016 by researchers at Citizen Lab and Lookout Security. Their investigation revealed its use in high-profile attacks exploiting zero-day vulnerabilities on both iOS and Android smartphones.
Who created Pegasus?
Pegasus malware was developed by the NSO Group, an Israeli technology firm. While marketed as a tool for combating crime and terrorism, mounting evidence suggests its misuse by malicious actors and regimes with questionable human rights records, raising significant concerns worldwide.
What does Pegasus target?
Pegasus primarily targets mobile devices, including iPhones and Android devices, to gather intelligence on specific individuals. Its victims often include activists, journalists, politicians, and business leaders, making its impact both political and deeply personal.
Pegasus distribution method
The malware spreads via spear phishing campaigns, malicious links, and exploit kits. It also utilizes zero-click exploits, meaning that users don’t need to interact with a link or attachment to get infected, which opens the door for silent infiltration.
Technical analysis of Pegasus Malware
Tactics, Techniques & Procedures (TTPs)
Pegasus leverages techniques from the MITRE ATT&CK framework, including Initial Access (TA0001) through zero-click exploits, Defense Evasion (TA0005) by disabling security tools, and Collection (TA0009) to gather sensitive data.
Indicators of Compromise (IoCs)
IoCs include unusual data transfers, unexpected file modifications, or unauthorized access to the device’s microphone or camera. Security defenders should look for unknown domains, suspicious messaging traffic, or tampered system logs.
How do you know if you’re infected with Pegasus?
Signs of infection include abnormal battery drainage, unexpected data usage spikes, performance lags, or any unauthorized access indicators on the device, such as activated microphones or cameras without user consent.
Pegasus removal instructions
Detecting Pegasus manually is incredibly challenging due to its stealth. It’s recommended to use advanced EDR tools, like Huntress, to identify and neutralize this threat. Additionally, updating mobile operating systems to patch vulnerabilities is crucial.
Is Pegasus still active?
Yes, Pegasus remains a significant threat with ongoing new variants and capabilities. Despite global efforts to block its operations, attackers continue to find innovative ways to deploy this malware.
Mitigation & prevention strategies
Preventative measures include regularly patching systems, enabling MFA, educating users on phishing risks, and employing robust managed detection and response solutions like Huntress. Continuous network monitoring can also detect anomalies related to Pegasus infections.