How to install and use MVT to check for Pegasus infestation

Question

How to install and use MVT to check for Pegasus infestation

I tried to install MVT per the instructions here. https://docs.mvt.re/en/latest/ios/backup/check.html Unfortunately, there are lots of installation errors, and it isn't clear where the executables will reside. Has anyone succeeded in doing it on MacOS Big Sur? What I'm looking for are detailed instructions to install and also to run the check on my iPhone, iPad Pro, and on my MacBook Pro.

I'm also wondering whether the new release of MacOS 11.6 will remove any Pegasus infestation or whether it merely prevents it from being installed. If it's the latter, then I'm looking for detailed instructions to remove Pegasus.

MacBook Pro 16″, macOS 11.6

Posted on Sep 15, 2021 7:38 AM

Reply

Answer 1

Top-ranking reply

James Brickley

Level 5

5,692 points

Sep 15, 2021 1:06 PM in response to stevegoldfield

This tool is not intended for end-user self-assessment and it is designed for IT Security / IT Forensics professionals. It is not like MalwareBytes, etc.

Did you follow the instructions?

https://docs.mvt.re/en/latest/install.html

Dependencies required on macOS:

You need to install Xcode (Mac App Store)
You need to install Xcode Command Line Utilities via Terminal (sudo xcode-select --install)
You need to install Homebrew (https://brew.sh)
You need to install the Homebrew packages via Terminal (brew install python3 libusb sqlite3) [libusb only for Android]
You need to add "export PATH=$PATH:~/.local/bin" to your .bashrc or .zshrc file
You need to install mvt via Terminal (pip3 install mvt)

That's just to get the tooling installed. Now you have to jump through hoops to actually create iTunes backups and scan them with the mvt-ios tool.

Download the STIX2 Pegasus file (https://raw.githubusercontent.com/AmnestyTech/investigations/master/2021-07-18_nso/pegasus.stix2) and put in ~/iOS/malware.stix2 then run the command below:

mvt-ios check-backup --iocs ~/ios/malware.stix2 --output /path/to/iphone/output /path/to/backup

MVT is a forensic research tool intended for technologists and investigators. Using it requires understanding the basics of forensic analysis and using command-line tools. MVT is not intended for end-user self-assessment. If you are concerned with the security of your device please seek expert assistance.

Note: MVT does not scan Mac's only mobile devices.

Reply

Answer 2

Old Toad

Level 10

215,706 points

Sep 15, 2021 1:14 PM in response to stevegoldfield

You're barking up the wrong tree. The Pegasus spyware is only for iPhones and Android phones. It's not for desktop computers.

Reply

Answer 3

VikingOSX

Level 10

123,446 points

Sep 15, 2021 12:22 PM in response to stevegoldfield

If you applied the respective Apple Security updates for Big Sur and Catalina, then you shouldn't care because the security holes in the respective operating systems have been plugged. Any infestation has nothing to do — if it is even installed, in the first place.

Reply

Answer 4

Barney-15E

Level 10

122,252 points

Sep 15, 2021 8:46 PM in response to stevegoldfield

I'm not asking Apple. I'm asking the support community. Since the software is written by Amnesty International, I suspect it is trustworthy.

This support community is for helping with Apple software and products. If you need help with some third-party product, you'll need to ask them for help.

Reply