Detect and Delete Pegasus Spyware from iPhone

As we all know, Apple recently released iOS 9.3.5 download with the express intention of patching a serious vulnerability that was affecting the iOS. This vulnerability was allowing iOS devices to be infected with something called the Pegasus threat, a threat that would allow the data on the device to be manipulated, any photos, texts or emails to be accessed and it allowed for remote control of the microphone or camera on the device. If you have a jailbroken device, you won’t want to be updating to iOS 9.3.5 otherwise you will lose your jailbreak but, on the other hand, nor do you want a device that is potentially under the control of a third party. So, first, we are going to tell you how to detect if your device has been infected with Pegasus and, if it has, we are then going to tell you how to remove it.

Image : Pegasus Spyware Detection and Removal

pegasus spyware remove

How to Detect Pegasus on your iOS Device :

  1. First, you will need to download an app called Lookout [AppStore]. This is a free app that is described as the “only all-in-one security app” and you will need to download it direct onto your iOS device. lookout app antivirus
  2. When you have downloaded it, open the app and register an account. This is simple enough to do and all the instructions you need are on-screen so just follow them to be able to access the full functionality of the Lookout app.
  3. Look at the Security section of the app – if your device has NOT been jailbroken, it should say If it does, your device is clean. If it says Caution or Warning, then you need to tap Security to see what is going on.
  4. From there, tap on System Advisor and, if the device has been infected, it will show you a message that says,” Your iPhone has been compromised. Lookout has detected Pegasus threat on your device.”
  5. If your device has been jailbroken, then the Security section will already show the Warning or Caution message. Tap on Security > System Advisor. It will say one of two things – “Your iPhone has been jailbroken”, in which case, it hasn’t been infected, or it will give you the same message as above warning you that Pegasus has been detected. pegasus_jailbreak_lookout

That is the easiest way to determine if your iOS device has been compromised by the Pegasus threat. Do keep in mind that Lookout wasn’t built just to detect Pegasus so there is a chance that it may throw up a warning for other things as well. For example, if you haven’t updated to iOS 9.3.5, it will tell you that. Do take into account what the warnings are and act on them accordingly.

How to Remove Pegasus from Your iOS Device :

Knowing that your device is infected is one thing; doing something about it is altogether something else. The following tutorial on how to remove the Pegasus threat is in two parts – one for jailbroken devices and one for those that haven’t

Non Jailbroken Devices :

If you have not jailbroken your iOS device, and you have no intentions of doing so then it is easy to clear the infection up – simply upgrade your device to iOS 9.3.5 download and take advantage of the patches that Apple has provided, both to remove the threat and stop it from happening again. To update your device:

  1. use the OTA method of going to Settings > General > Software update or ota ios 10
  2. Use the iTunes and IPSW method. itunes update iphone

Jailbroken Devices :

  1. Once you have determined that your jailbroken device has been infected with Pegasus, launch Cydia from your Home screen
  2. Now we need to add a new repository in :
  • Tap on Sources > Edit > Add
  • In the box type this URL in – coolstar_repo
  • Tap on Add Source and let Cydia install the new repo
  1. Go into the new repository and search for a package called Perl. Install it the same as you would any other Cydia package perl pgcheck0-side
  2. Now add another repo, following the instructions above only, this time, type this URL in –
  3. Go into that repository and download a package called pgcheck. [ image above ]
  4. When you have installed both of these packages, reboot your iOS device and make sure it is back in a jailbreak mode – PPHelper is semi-untethered so you will need to go through the steps outlined at this link every time your reboot your device
  5. Now, the pgcheck package will run in the background automatically and it will immediately alert you if Pegasus is detected. Immediately, it will place your device straight into Airplane mode, thus severing any network connections and stopping a hacker from accessing your device. The package will then remove the threat.

So, that’s how to detect and remove the Pegasus threat from your device. If you run into any trouble or this doesn’t work for some reason, you may have no alternative but to give up your jailbreak in favor of updating to iOS 9.3.5.

Do let us know how you get on and, for more tutorial like this, Sign up to our free email newsletter and follow us on Facebook.



Leave a Reply

Your email address will not be published. Required fields are marked *