Do I have Pegasus on my mac?

ErikDPhillips wrote:

What? How is it “normal to have some Pegasus files” on your computer or phone?

Do you mind explaining what you mean there?

Those are files made by Apple. They pre-date the malware. It is no coincidence that the name "Pegasus" was then chosen by Israeli cyber-warfare company as a way to hide, confuse, and cause chaos.

Joe Gramm wrote:

I know this is an old thread, but I was curious about something. If spyware is installed, is it installed on the System or User Folder.

Most malware is installed in user folders, unless the user has granted the spyware enhanced permissions, as they often do.

For an existing Mac, not a new Mac, would restoring the Mac by doing a clean install, then importing the Home Folder back via Time Machine work.

Yes. That would work to reinstall the malware.

But to be clear, neither you nor anyone in this thread has the malware installed.

I know this is an old thread, but I was curious about something. If spyware is installed, is it installed on the System or User Folder.

For an existing Mac, not a new Mac, would restoring the Mac by doing a clean install, then importing the Home Folder back via Time Machine work.

Hope that makes sense.

Mine doesn’t. Was created on 9/4/23. Had computer since 2019

FWIW, it's normal to have some Pegasus files although you seem to have more than normal. You could download the free trial of Malwarebytes and see if a scan reports a problem.

https://www.malwarebytes.com/

It is usually best to perform a clean install of any computers from Best Buy since Best Buy is known for installing addition crapware on systems they sell. I don't know if this happens with Macs, but I know this occurs with the Windows PCs they sell.

Most of those entries look like they are associated with the Command Line tools which people using the command line will usually need to have installed. If you have not elected to install the Command Line tools (or allowed any apps to do so), then perhaps this is a pre-owned computer or Best Buy customized the computer by installing extra software.

It is HIGHLY unlikely you have the Pegasus spyware. Pegasus is used by nation states to spy on journalists, dissidents, political activists. So unless you consider yourself a prime target for government surveillance you shouldn’t be worried. Pegasus is not in the arsenal of the everyday hacker looking to steal your bank account. Pegasus costs $500,000.00 from the developer NSO, an Israeli company. So there’s that.

Add to that Pegasus is primarily an iPhone thing, not Mac. So what you are seeing is something not related to the spyware. Lots of legitimate software could be named Pegasus.

And on top of that, there are a fair number of items with Pegasus in the name installed by the OS itself. Those in the System folder of course, since only Apple can touch that folder, and associated items in the user folder (I have the same ones listed in the image above).

From what I can tell, these have all been placed there by Apple to protect against any possible use of Pegasus in macOS.

Still, as HWTech noted, the very first thing you should do with any computer purchased from Best Buy is to wipe the drive and install the OS from scratch. Such as, all of those SDK entries are not part of a normal install. Either someone was using this Mac before ui295 for software development, or Best Buy put them there (though it makes no sense why they would).

Thank you, Etresoft. That’s what I was expecting someone to say in the beginning but the previous person wrote the most irritatingly, incomplete answer that would absolutely not have made anyone feel better.

What? How is it “normal to have some Pegasus files” on your computer or phone?

Do you mind explaining what you mean there?

Thanks for the reply and info.