How to Stop Pegasus Malware


What is Pegasus?


Pegasus is targeted cellphone malware by the NSO Group sold to governments.
It’s regularly used against human rights activists.

How can you stop Pegasus?


Well, you can't stop it per se (except with choice g below), but you can reduce risk with SOME of the steps below:

a) GrapheneOS

GrapheneOS reduces the impact of buffer overflows with a hardened memory allocator.

Buffer Overflows

A buffer overflow attack corrupts memory by writing past the end of a buffer, and can be used to leak information. We covered this in our animated video on GrapheneOS, which you can find here:
https://video.simplifiedprivacy.com/why-grapheneos-is-more-secure/

DeGoogled

And this article covers the basics of DeGoogled phones:
https://simplifiedprivacy.com/degoogledphones/index.html

b) VPN for DNS

Always use a VPN for DNS. Avoid trusting the ISP's DNS.

DNS stands for Domain Name System; it is how domain names (such as a .com name) get matched to IP addresses or locations. Corrupt governments can hack or manipulate routers or cell-tower DNS to redirect you to different websites or services and then download malware to your system. Additionally, by using a VPN you encrypt all the packets, so you can treat the ISP's infrastructure as untrusted.

c) VoIP

Don't activate SMS from cell towers; use VoIP only over WiFi.

VoIP, or Voice over IP, is just as good as regular phone lines. The person you're talking to won't even know the difference. We covered VoIP burners extensively in our review, found here:
https://simplifiedprivacy.com/burners/index.html

d) External Router

Avoid a SIM card; instead use an external FOSS WiFi router that you own, such as:

Home

In your home: DD-WRT, OpenWrt, (with) OPNsense or pfSense

On the go

Tiny, on the go: Raspberry Pi with OpenWrt, or GL.iNet

You can put a USB modem on a GL.iNet router, and then you have portable WiFi access but with physical isolation from the internet source. Then you only flow encrypted VPN traffic through the router.

If you're too lazy to do this, then prefer an external ISP-provided hotspot over an in-phone SIM. We covered a lot of these different choices in our previous article on avoiding cell tower geolocation:
https://simplifiedprivacy.com/how-to-hide-your-location-from-cell-towers/index.html

Pegasus can work by sending you a link, so:

When your friends send you random website links on mobile, look at them without JavaScript. Privacy Browser and Tor Browser for mobile both have a good toggle switch for it (or look at the link on a PC).

f) Avoid Tyranny Apps

WhatsApp, Facebook's apps, iMessage, and other big tech apps.

As The Intercept reports, WhatsApp is an example of an app known to be vulnerable to zero-click exploits from Pegasus. This is a type of attack where the user does not even have to click a link to become infected. Zero-click exploits are why it's very dangerous to use insecure spyware apps such as WhatsApp; we instead recommend Signal, XMPP, SimpleX, and Element.

If Facebook has to be used, avoid the mobile app and instead use it in a separate web browser on a PC, where it can be properly isolated. (A virtual machine for Facebook can be considered for very high-risk targets who need to use the site, but for the average person this is likely overkill and an isolated separate web browser is fine.)

g) Tiny PC


You could consider a tiny PC with WiFi, such as a LattePanda or Raspberry Pi, INSTEAD of a phone, because these have no internal cell-tower baseband modem. The default Pi distro can run Signal, or for example:
lattepanda.com/lattepanda-sigma

h) Detection on Android


Detect Pegasus on GrapheneOS or stock Android with the attestation tool app (Auditor):
https://attestation.app/about

This app compares your current operating system to the stock Android or official GrapheneOS version to detect malware.

i) Detection on iPhone


As for iPhone, you're better off with the Mobile Verification Toolkit (MVT) from Amnesty International.

This scans the device for known spyware using the "indicators of compromise" published by Amnesty International and Citizen Lab. According to TechCrunch, these include things like domain names known to be part of NSO's infrastructure: https://docs.mvt.re/en/latest/index.html
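How an indicator-of-compromise scan like MVT's works, as an added example that is not MVT's code: a simplified matcher that checks hostnames and IPs taken from a device's browser history or network log against a domain/IP indicator list, treating subdomains of a listed domain as hits but not look-alike names. The indicator values and the sample records are constructed placeholders (.example names and TEST-NET addresses), not real NSO infrastructure.

```python
"""Simplified IoC matching in the style of MVT (added example, not MVT's code)."""
import ipaddress
import re

# Constructed placeholder indicators; real ones come from the MVT/Amnesty STIX feeds.
IOC_DOMAINS = {"update-service.example", "cdn-sync.example"}
IOC_NETS = {ipaddress.ip_network("192.0.2.0/24")}  # TEST-NET-1, constructed

URL_HOST = re.compile(r"^[a-z][a-z0-9+.-]*://([^/:?#]+)", re.I)


def host_from_url(url):
    """Return the host part of a URL, or None if the value is not a URL."""
    m = URL_HOST.match(url.strip())
    return m.group(1) if m else None


def domain_matches(host, ioc_domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in ioc_domains)


def ip_matches(addr, ioc_nets):
    """True if addr is an IP address inside one of the indicator networks."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # not an IP literal (e.g. a hostname)
        return False
    return any(ip in net for net in ioc_nets)


def scan_records(records, ioc_domains=IOC_DOMAINS, ioc_nets=IOC_NETS):
    """records: (timestamp, url_or_host) pairs, e.g. from browser history.
    Returns a list of (timestamp, indicator, kind) hits."""
    hits = []
    for ts, value in records:
        host = host_from_url(value) or value
        if ip_matches(host, ioc_nets):
            hits.append((ts, host, "ip"))
        elif domain_matches(host, ioc_domains):
            hits.append((ts, host, "domain"))
    return hits


# Constructed sample records, not taken from a real device.
SAMPLE_RECORDS = [
    ("2024-01-01T10:00:00Z", "https://www.wikipedia.org/"),
    ("2024-01-01T10:01:00Z", "https://api.update-service.example/v1/s?x=1"),
    ("2024-01-01T10:02:00Z", "192.0.2.55"),
    ("2024-01-01T10:03:00Z", "https://notupdate-service.example/"),  # look-alike
]

if __name__ == "__main__":
    for hit in scan_records(SAMPLE_RECORDS):
        print("IoC hit:", hit)
```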

Conclusion


Some will think this list is extreme, but you can do just SOME of the choices, depending on your situation. Also, you should consider most of these things anyway for general privacy and security. If you want help, reach out to us to schedule tech support for phones, routers, Linux PCs, or whatever else you need.
