Pegasus is spyware developed by an Israeli organisation that is being used by a lot of glowie organisations around the world to spy on people. Amnesty International developed a tool we can use to detect indicators of that spyware on your iOS or Android phone.
I will be using a MacBook M1 with Docker to complete this task.
Install Docker and give Docker full disk access. You can give Docker full disk access by going to System Preferences > Security and Privacy > Privacy > Full Disk Access.
Make a backup of your iPhone and encrypt it via Finder.
Build the MVT (MVTools) Docker image:
git clone https://github.com/mvt-project/mvt.git
cd mvt
docker build -t mvt .
Run the Docker image and mount your iPhone backup location:
docker run -it -v /Users/ilias/Library/Application\ Support/MobileSync/Backup:/backup mvt
Decrypt the backup with your password:
mvt-ios decrypt-backup -p 'YOURPASSWORD' -d decrypt '/backup/PHONE_UUID'
The UUID of the phone can be found in the backup location in Finder.
Clone the Amnesty investigation files from GitHub:
git clone https://github.com/AmnestyTech/investigations.git
Check your decrypted backup with the Pegasus investigation file.
mvt-ios check-backup -i investigations/2021-07-18_nso/pegasus.stix2 decrypt/
If you are or were infected with Pegasus, you will get a list of suspicious data and results.
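To see what the check-backup step above is comparing your backup against, the following added example (not part of the original post and not MVT's own code) reads a STIX2 indicator bundle and groups its indicators by type, then matches hostnames against the domain indicators. It assumes single-comparison patterns of the form [type:property='value']; the bundle, hostnames and the names load_indicators and domain_hits are constructed for illustration.

```python
import json
import re

# Constructed STIX2 bundle (sample values, not real indicators).
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "objects": [
        {"type": "malware", "name": "ExampleSpyware"},
        {"type": "indicator", "pattern": "[domain-name:value='bad-cdn.example']"},
        {"type": "indicator", "pattern": "[process:name='exampled']"},
        {"type": "indicator", "pattern": "[email-addr:value='lure@mail.example']"},
        {"type": "indicator", "pattern": "[file:name='sample.plist']"},
    ],
})

# Assumed pattern shape: [object-type:property='value']
PATTERN = re.compile(r"^\[([a-z0-9-]+:[a-z_]+)\s*=\s*'([^']*)'\]$")

def load_indicators(stix_text):
    """Group single-comparison STIX patterns by object path."""
    grouped = {}
    for obj in json.loads(stix_text).get("objects", []):
        if obj.get("type") != "indicator":
            continue  # bundles also carry malware/relationship objects
        m = PATTERN.match(obj.get("pattern", "").strip())
        if m:  # compound patterns are skipped by this sketch
            grouped.setdefault(m.group(1), set()).add(m.group(2).lower())
    return grouped

def domain_hits(hosts, indicators):
    """Return hosts equal to, or subdomains of, an indicator domain."""
    bad = indicators.get("domain-name:value", set())
    hits = []
    for host in hosts:
        labels = host.lower().rstrip(".").split(".")
        # Compare whole-label suffixes so "notbad-cdn.example" does not match.
        suffixes = {".".join(labels[i:]) for i in range(len(labels))}
        if suffixes & bad:
            hits.append(host)
    return hits

if __name__ == "__main__":
    iocs = load_indicators(SAMPLE_BUNDLE)
    for kind, values in sorted(iocs.items()):
        print(f"{kind}: {len(values)} indicator(s)")
    # Constructed hostnames, e.g. as found in browsing or network history.
    print(domain_hits(["x1.bad-cdn.example", "notbad-cdn.example"], iocs))
```

To inspect the real file, pass the contents of investigations/2021-07-18_nso/pegasus.stix2 to load_indicators instead of the sample bundle.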