Security breach detection tool 'MVT' that can detect signs of the smartphone spyware 'Pegasus', which is rampant all over the world

The Mobile Verification Toolkit (MVT) is a forensic tool created to detect signs of security breaches on iOS and Android devices. It can also be used to detect signs of the world-famous spyware 'Pegasus'.

Mobile Verification Toolkit

GitHub - mvt-project/mvt: MVT is a forensic tool to look for signs of infection in smartphone devices

The main functions of MVT are as follows. Since the functions of MVT are constantly evolving, it is quite possible that more functions will be added in the future.

・ Decrypt encrypted iOS backups
・ Process and analyze records from iOS and app databases, logs, and system analysis
・ Extract installed applications from Android devices
・ Extract diagnostic information from Android devices via the adb protocol
・ Compare the extracted records with a list of malicious indicators provided in STIX 2 format
・ Generate JSON logs of the extracted records, and separate JSON logs of the detected malicious traces
・ Generate a unified timeline of the extracted records, along with a timeline of the detected malicious traces

Using these features, MVT extracts various types of personal records (call history, SMS, WhatsApp, etc.) found inside smartphones and verifies whether they contain traces of potential cyber attacks, such as malicious SMS messages.

The spyware 'Pegasus', which drew attention for monitoring more than 180 journalists, activists, politicians, and business people in 20 countries around the world, has been found to use a zero-click exploit in iMessage, Apple's own messaging app. A zero-click exploit is not one where you are infected when you click a link attached to an email, but one where you are infected with malware without doing anything, just by receiving a specific message.

What is 'Pegasus' spyware that monitors celebrities and politicians around the world via iPhone and Android? - GIGAZINE

Basically, 'Pegasus' infects the user's device via a message, so MVT, which examines messages and checks whether any of them are malicious, is also effective against 'Pegasus'. MVT detects it using the domain names used by NSO Group, the developer of 'Pegasus', and the IOCs (indicators of compromise) known to be used by NSO Group to distribute 'Pegasus'.
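As an added illustration (not code from MVT or from the original article), the sketch below shows the kind of check described above: domain indicators are read from a STIX 2 bundle and compared with URLs found in extracted message records. The bundle, the records, the domains and the function names are all constructed for this example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX 2 bundle, trimmed to the fields used here; placeholder domains.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern": "[domain-name:value = 'bad-tracker.example']"},
    {"type": "indicator", "pattern": "[domain-name:value = 'c2.invalid']"},
    {"type": "malware", "name": "constructed-sample"},
]})

# Constructed message records, shaped like rows extracted from an SMS database.
SMS_RECORDS = [
    {"id": 1, "text": "Lunch at 12? https://example.org/menu"},
    {"id": 2, "text": "Parcel held: http://cdn.bad-tracker.example/t?id=9"},
    {"id": 3, "text": "see https://notbad-tracker.example/x"},
    {"id": 4, "text": "Open HTTPS://C2.INVALID:8443/a now"},
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")
URL_PATTERN = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def load_domain_indicators(bundle_json):
    """Collect domain names from simple STIX 2 indicator patterns."""
    domains = set()
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") == "indicator":  # skip malware, report, etc.
            domains.update(d.lower() for d in DOMAIN_PATTERN.findall(obj.get("pattern", "")))
    return domains


def match_domain(host, indicators):
    """Return the indicator equal to host or a parent domain of it, else None."""
    labels = host.lower().rstrip(".").split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((c for c in candidates if c in indicators), None)


def scan_records(records, indicators):
    """Return one detection per URL whose host matches an indicator."""
    detections = []
    for record in records:
        for url in URL_PATTERN.findall(record["text"]):
            hit = match_domain(urlparse(url).hostname or "", indicators)
            if hit:
                detections.append({"record_id": record["id"], "url": url, "indicator": hit})
    return detections
```

Matching is done on whole domain labels, so a subdomain of an indicator is flagged while a look-alike such as `notbad-tracker.example` is not.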

Regarding 'Pegasus', there is a report that '50,000 phone numbers were monitored', and it is often thought that 'it is intended only for journalists, activists, politicians, etc. who are active in the world'. However, there have been multiple cases where people connected to such individuals are being monitored. Also, since 'Pegasus' is spyware operated by a company called NSO Group, the foreign news outlet The Guardian warns: 'Until now, if you did not do anything wrong, you did not have to worry about monitoring by intelligence agencies, but the advent of spyware such as Pegasus may put an end to such wishful thinking.'

A computer with Linux or macOS installed is required to run MVT. Also, Python 3.6 or later is required to run MVT. In addition, since MVT works from the command line, it does not have a sophisticated user experience and requires a basic knowledge of how to operate the terminal.

in Software, Security, Posted by logu_ii