What is Pegasus spyware?
Pegasus spyware is mobile surveillance software designed to infiltrate iOS and Android devices to secretly collect information. It’s what’s known as “zero-click” spyware, meaning it can get onto devices without user interaction. And it has extensive data-collection capabilities — Pegasus can read texts and emails, monitor app usage, track location data, and access a device’s microphone and camera.
It was initially developed by the Israeli NSO Group to combat terror and crime, but has since been deployed as a cyberweapon in more controversial espionage attacks on political figures, well-known journalists, and other civil society leaders.
What is NSO Group?
NSO Group is an Israeli cyber-arms company that created Pegasus and licenses it to government agencies around the world — many of which have deployed its surveillance capabilities as a cyber-weapon to spy on high-profile targets.
In 2021, due to the controversial licensing of Pegasus spyware to questionable state actors, NSO Group was added to the United States Entity List, which highlights companies or other organizations deemed a threat to US national security interests. In 2022, NSO stated it would refocus its Pegasus sales on NATO-aligned countries. A controlling stake in the company was acquired by a private U.S. investment group in 2025.
Real Pegasus spyware controversies
Due to both its origin and its reputation for being used by controversial states, governments, and organizations, Pegasus spyware has frequently made headlines around the world. These controversies include:
- French government: In 2021, it was revealed that French president Emmanuel Macron was among 50,000 potential victims of Pegasus spyware, according to data leaked to the media. Several other French government ministers, as well as leading political figures from South Africa, Iraq, Morocco, and Egypt, among others, were also alleged victims according to the leak.
- Mexican activists: In 2023, Raymundo Ramos, a Mexican human rights activist, was a victim of Pegasus. The Mexican military used Pegasus on Ramos’s phone alongside the phones of journalists at the El Universal newspaper following the publication of a story that compromised the Mexican army's actions.
- Serbian journalists: In 2025, two members of the Balkan Investigative Reporting Network were targeted by Pegasus. The journalists were sent smishing texts that contained infected links to a decoy page on a media website. Similar tactics have allegedly been used by the Serbian authorities on figures involved in large-scale protests in recent years.
- Polish opposition: The former Polish Justice Minister Zbigniew Ziobro was detained after being accused of deploying Pegasus against opposition politicians. His parliamentary immunity was removed by the Sejm (the Polish equivalent of the House of Representatives) following his failure to appear before a Pegasus committee set up by the government of Donald Tusk.
Due to Pegasus’s involvement in illegal phone hacking, NSO Group has frequently been at the center of legal controversy. One of the most notable cases came in 2025, when the company was ordered to pay $167 million to WhatsApp after being found guilty of hacking 1,400 users in 2019. The ruling was significant, marking the first time a spyware developer was held legally responsible for exploiting vulnerabilities in smartphone platforms.
How does Pegasus work?
Pegasus spyware secretly infiltrates smartphones through vulnerabilities such as zero-click exploits — meaning users don’t necessarily need to tap a link or open a message. Once installed, it can access calls, messages, photos, and even activate the microphone or camera, sending the gathered data back to the attacker without detection.
Pegasus spyware infects your device, collects data, then sends info to NSO Group's servers.
1. Cell phone infiltration
Like other types of malware, Pegasus spyware can be installed on a victim’s phone through a phishing link. These attacks typically rely on social engineering, where the attacker impersonates a trusted person or organization. Once the target clicks the malicious link in the message or email, Pegasus installs itself on the device, giving the attacker full access.
However, phishing is not the only infiltration method for Pegasus. There are several other ways this spyware can end up on your device:
- Push notifications: By manipulating the system that delivers push notifications to your phone screen, threat actors can cause notifications to trigger internal vulnerabilities. This is a zero-click infiltration method — the user doesn’t have to interact with the notification for the spyware to successfully install itself.
- Apps: Pegasus can take advantage of app vulnerabilities to infect a device. This is another example of infiltration that can be zero-click — attackers may deliver malicious code via compromised messaging apps, enabling the spyware to install itself the moment a message arrives.
- Network injections: When a device goes online, it exchanges data packets with servers. Attackers can intercept this traffic and insert maliciously crafted packets. If the device’s software contains a vulnerability, it may unintentionally process the malicious code, giving attackers a path to install Pegasus spyware.
2. Data collection
Once Pegasus is installed on a device, it immediately begins harvesting data. This advanced spyware can access contacts, call logs, browsing history, emails, location data, and even microphone and camera feeds. It can also intercept messages from supposedly “secure” apps like WhatsApp and Telegram, giving attackers deep insight into the victim’s personal communications and activities.
3. Data extraction
Any data collected by Pegasus is then exported to the attacker’s command-and-control servers. From here, the attacker may be able to use stolen data to manipulate the target, gain insight into their social and professional networks and personal life, or even track their location. Since Pegasus is typically deployed to spy on high-level political figures, hackers will generally use the data they steal to drive political, financial, or security-related objectives.
Is your phone infected with Pegasus spyware?
If you’re an everyday person, it’s highly unlikely your phone is infected with Pegasus spyware — each Pegasus license costs a fortune and is typically sold only to governments or intelligence agencies. However, if you’re a high-profile individual such as a politician, journalist, or activist, there’s a chance that you’re the target of Pegasus surveillance.
How to detect Pegasus spyware
Because of its advanced design, detecting Pegasus spyware is far more difficult than spotting typical malware. But while there aren’t many reliable telltale signs your phone is hacked by high-level spyware, specialized tools like the Mobile Verification Toolkit (MVT) can help identify traces of Pegasus on your device.
You should also watch for signs such as unusually fast battery drain or increased data usage — potential indicators of Pegasus or other malicious software running in the background.
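MVT works by comparing artifacts extracted from a phone or its backup against published indicators of compromise in STIX2 format. The sketch below is an added illustration of that matching step, not MVT's code or anything from the original article; the bundle, the history records and the domains are constructed placeholders, the function names are hypothetical, and treating subdomains of an indicator as hits is a choice made for this example.

```python
import json
import re
from urllib.parse import urlparse

# Constructed STIX2-style bundle; the domains are placeholders, not real indicators.
STIX_BUNDLE = json.dumps({"type": "bundle", "objects": [
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value='bad-redirect.example']"},
    {"type": "indicator", "pattern_type": "stix",
     "pattern": "[domain-name:value='cdn.tracker.example']"},
]})

# Constructed browsing-history records, as a backup parser might yield them.
HISTORY = [
    {"ts": "2025-01-03T09:12:44Z", "url": "https://news.example.org/story"},
    {"ts": "2025-01-03T09:12:51Z", "url": "https://a1.bad-redirect.example/x?id=7"},
    {"ts": "2025-01-04T18:02:10Z", "url": "http://notbad-redirect.example/"},
    {"ts": "2025-01-05T07:30:00Z", "url": "https://CDN.Tracker.Example:8443/p"},
]

DOMAIN_PATTERN = re.compile(r"\[domain-name:value\s*=\s*'([^']+)'\]")

def load_domain_iocs(bundle_text):
    """Return the set of lower-cased domains named by STIX2 indicators."""
    domains = set()
    for obj in json.loads(bundle_text).get("objects", []):
        if obj.get("type") == "indicator":
            domains.update(d.lower() for d in DOMAIN_PATTERN.findall(obj.get("pattern", "")))
    return domains

def matching_ioc(url, iocs):
    """Return the IOC that a URL's host equals or is a subdomain of, else None."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Compare on label boundaries so 'notbad-redirect.example' is not a hit.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def scan(history, iocs):
    """Return (timestamp, url, matched_ioc) for every record that hits."""
    checked = ((rec, matching_ioc(rec["url"], iocs)) for rec in history)
    return [(rec["ts"], rec["url"], ioc) for rec, ioc in checked if ioc]

if __name__ == "__main__":
    for hit in scan(HISTORY, load_domain_iocs(STIX_BUNDLE)):
        print(*hit)
```

A clean result from indicator matching only means none of the known indicators were found; it does not prove the device is uninfected.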
Tips to protect your device
You can help protect your device from Pegasus spyware — and many other forms of malicious software — by following these best practices:
- Keep your network secure: Ensure that your Wi-Fi router is protected with a strong password and that its firmware is up to date to help protect against unauthorized access. You can use a password generator to help with this.
- Keep your operating system (OS) up to date: Pegasus often exploits vulnerabilities in outdated software. Regularly updating your OS ensures these gaps are patched. Likewise, keep individual apps — especially messaging and financial ones — updated to reduce exposure to known threats.
- Use secure messaging apps: Apps like WhatsApp, Signal, and Telegram help keep messages private thanks to end-to-end encryption. Although secure messaging apps can be breached by Pegasus post-infection, they are still useful tools, as they make interception in transit much harder.
- Deny unnecessary app permissions: Review app permissions carefully and grant only those essential to functionality, denying access to sensitive features like location or photo libraries when not required. Limiting unnecessary permissions helps reduce the risk of exploitation by spyware like Pegasus.
How to get rid of Pegasus spyware
The easiest and most reliable way to remove Pegasus from your device is to replace the device entirely. While a factory reset can usually remove spyware from your iPhone or Android, Pegasus is exceptionally advanced and persistent — full removal often requires assistance from a forensic cybersecurity specialist.
If you choose to reset or replace your phone, only restore data from a backup created before the infection. Backups made after Pegasus infiltrated your device may contain remnants of the spyware, which could reinfect your system upon restoration.
Help keep your device spyware-free with Avast
Pegasus may not be an immediate threat to most people, but other types of spyware and online surveillance software are. That’s why we developed an award-winning threat-detection engine that powers our cybersecurity software.
Avast Free Antivirus helps you detect spyware and other malware before it can infect your device, keeping your system clean and making sure your personal information stays private. Stay safe online and install Avast today.