Kaspersky's technique can detect whether an iPhone is infected with Pegasus
Using the Mobile Verification Toolkit, Kaspersky's research team has discovered that Pegasus leaves traces behind in any iOS mobile device’s sysdiagnose archive.
The sysdiag dump analysis proves to be minimally intrusive and resource-light, relying on system-based artifacts to identify potential iPhone infections. Having received the infection indicator in this log and confirmed the infection using the Mobile Verification Toolkit’s (MVT) processing of other iOS artifacts, this log now becomes part of a holistic approach to investigating iOS malware infection. Since we confirmed the consistency of this behavior with the other Pegasus infections we analyzed, we believe it will serve as a reliable forensic artifact to support infection analysis.
Maher Yamout, Lead Security Researcher at Kaspersky’s GReAT