Worried your iPhone has Pegasus spyware? Start with the honest answer: Pegasus is hard to detect, and no consumer scanner can prove your device is 100% clean.

That does not mean you are helpless. You can check for known traces, update your device, use Apple's built-in protections, and escalate to forensic help if your risk is high.

This guide shows you how to detect Pegasus spyware on iPhone and iPad with a local Zeus App scan, what the results mean, and what to do next.

Quick answer: how to detect Pegasus spyware on iPhone

The most practical way to detect Pegasus spyware on iPhone is to scan a fresh local backup for known indicators of compromise. Amnesty International's Mobile Verification Toolkit, also called MVT, is the forensic benchmark. It is powerful, but it is built for technical users who are comfortable with Terminal and command-line tools.

For most people, Zeus App is the simpler path. Zeus scans your iPhone or iPad backup on your computer and looks for known signs of Pegasus activity, such as suspicious domains, file names, links, process names, and other traces.

Keep the limits clear:

If you only remember one thing, remember this: detection is a clue, not a courtroom verdict.

• A clean scan means Zeus did not find known traces. It does not prove your iPhone is clean.
• A possible detection needs review. False positives can happen.
• If you are a journalist, activist, lawyer, executive, public official, or someone handling sensitive work, treat a possible Pegasus infection as a serious security incident.

What is Pegasus spyware?

Pegasus is spyware made by NSO Group. It is not normal malware floating around random app stores. It is high-end surveillance software sold to government customers and used against high-value targets.

Once Pegasus compromises a phone, it can access private data on the device. Reports from Amnesty International and other security researchers have tied Pegasus to surveillance of journalists, human rights defenders, activists, lawyers, political figures, and other sensitive targets.

Pegasus can be especially dangerous because some infections use zero-click exploits. You do not need to install a shady app. You do not need to tap a fake link. In some cases, the exploit chain can start from a message, call, or other hidden delivery path.

That is why normal advice like "do not click suspicious links" is not enough. It helps with many scams. It does not fully answer Pegasus.

Who should worry about Pegasus spyware?

Most everyday iPhone users are unlikely Pegasus targets. If you are trying to avoid random spam, banking scams, or sketchy apps, Pegasus is probably not your main risk.

You should take Pegasus more seriously if you fit one of these groups:

This matters because your next step depends on risk. A curious home user can run a local scan, update iOS, and move on. A high-risk person should preserve evidence and talk to a qualified security expert before wiping the phone.

• Journalist, editor, researcher, or media worker
• Human rights defender or activist
• Lawyer working on sensitive cases
• Political figure, government worker, or campaign staffer
• Executive, founder, investor, or person with sensitive business access
• Person who has received Apple threat notifications
• Person who has reason to believe a state-level attacker may target them

How Pegasus spyware works on iPhone

Pegasus usually targets weaknesses in iOS, messaging, browser components, or other system services. Older Pegasus attacks abused iMessage and WebKit paths. Newer spyware campaigns change over time, which is why stale detection rules are a problem.

After infection, Pegasus can read or collect sensitive data from the device. That can include messages, call history, location data, photos, files, emails, and app data. Encrypted messaging apps do not fully protect you if spyware already controls the phone, because the spyware can read content after the app decrypts it on the device.

Pegasus is built to hide. It may leave traces in system logs, crash reports, Safari history, iMessage caches, diagnostic files, or other backup artifacts. Tools like MVT and Zeus look for those traces.

Symptoms of Pegasus spyware: weak signals, not proof

People search for symptoms of Pegasus spyware because they want a simple checklist. The problem: Pegasus does not behave like a bad browser extension or cheap adware.

Some warning signs can overlap with spyware:

These symptoms do not prove Pegasus infection. A worn battery, bad app update, weak signal, or full storage can cause the same behavior.

Use symptoms as a reason to check. Do not use them as proof.

• Battery drains faster than usual
• The phone gets hot with no obvious reason
• Mobile data usage jumps
• Apps crash or behave strangely
• You see Apple threat notifications
• You receive strange messages, calendar invites, links, or attachments
• Your accounts show suspicious logins or password reset attempts

Before you scan: update and protect the device

Before you run any Pegasus spyware detector on iPhone, do the basics that reduce risk now.

Apple designed Lockdown Mode for people who may be targeted by highly sophisticated spyware. It reduces attack surface by limiting certain message attachments, web technologies, FaceTime calls from unknown contacts, wired connections while locked, and other risky paths.

Lockdown Mode is not for everyone. It can make parts of your iPhone less convenient. But if your risk profile is real, convenience is not the point.

1. Update iOS or iPadOS to the latest version available for your device.
2. Turn on automatic updates.
3. Update apps from the App Store.
4. Use a strong passcode, not a 4-digit code.
5. Turn on two-factor authentication for Apple ID and important accounts.
6. Review device profiles under Settings if your organization does not manage your phone.
7. Consider Apple Lockdown Mode if you are at high risk.

The credible forensic path: Amnesty MVT

Amnesty International published a forensic methodology for detecting Pegasus traces and released the Mobile Verification Toolkit. MVT can analyze iOS and Android data against known indicators of compromise.

MVT is the authority path because it came from the investigation that exposed many Pegasus cases. It can inspect backups and logs for suspicious domains, iMessage artifacts, process names, and other traces.

The catch: MVT is not a friendly Mac app with a big Scan button. You need comfort with command-line tools, backups, Python dependencies, and interpretation. If that sentence already sounds annoying, Zeus is the practical bridge.

Use MVT or expert help when the stakes are high. Use Zeus when you want a simpler local scan for known traces.

How can I check if my phone has Pegasus spyware?

Zeus App is a free Softorino spyware analyzer for iPhone and iPad backups. It checks a local backup for known Pegasus traces and does the analysis on your computer.

Zeus does not prevent infection. It does not promise your device is clean. It looks for signs of current or past infectious activity, such as known malicious links, file names, domains, process names, and other indicators.

That limitation is not a flaw. It is the honest way to talk about Pegasus detection.

Before you start

Read the Zeus documentation and warnings before you scan. The app can surface possible traces, but some results may need expert interpretation.

If Zeus finds nothing, do not treat that as a permanent safety certificate. If Zeus finds something, do not panic and wipe the device before you understand what was found.

1.1 Zeus privacy: local backup analysis

Zeus analyzes your latest iPhone or iPad backup on your computer. Your personal files do not get uploaded to Softorino or a third party for scanning.

Zeus needs an internet connection to update the app. That matters because spyware indicators change over time. A detector with stale rules is worse than useless. It gives you confidence you did not earn.

If you want to protect your backup data, read Softorino's guide on iPhone backup encryption. Encrypted backups can store more device data than unencrypted backups, and they protect the backup itself.

1.2 Scope and limitations

Zeus checks a backup for known signs of Pegasus activity. Detection depends on the traces available in the backup and the indicators Zeus knows about at scan time.

That means 3 things:

Do not use Zeus as a replacement for expert support if you are a high-risk target. Use it as a first pass.

• Zeus can find known indicators.
• Zeus may miss new or unknown spyware behavior.
• Zeus may flag something that needs human review.

Scan your iPhone with Zeus App: step-by-step guide

Follow these steps to check an iPhone or iPad backup for Pegasus spyware traces.

Step 1: Install and launch Zeus App

Download Zeus from the official Softorino website:

=> Download Zeus App

Open the app and accept the user agreement. Follow the setup instructions shown in the Zeus window.

Step 2: Connect your iPhone or iPad

Connect your iPhone or iPad to your computer with a USB cable. Zeus will detect the device after the connection is established.

If this is the first time you connected the device to the computer, iOS may ask you to trust the computer or enter the passcode. This pairing step creates a secure connection between the device and the computer.

If your device does not show up, check Softorino's guide on fixing iPhone identification errors in iTunes. Even if you are not using iTunes, the same local device connection issues can affect backup tools.

Step 3: Create a fresh local backup

Click "Start Backup & Scan" to create a local backup. The backup can take 15 to 60 minutes depending on your device storage, cable, and computer speed.

Do not unplug the device during backup. If the backup fails, fix that first and scan again.

Step 4: Review backup options

Zeus lets you choose the backup location and the device you want to scan. This helps if you have checked another iPhone or iPad before.

Pick the current device and the latest backup. For Pegasus detection, a fresh backup gives the scanner the best chance to find current traces.

Step 5: Unlock the backup and start the scan

After Zeus copies the backup to your computer, the app may ask for your iPhone or iPad password to unlock the backup. Enter the password and let the scan run.

The scan usually takes a few minutes after the backup finishes. Keep the app open until Zeus shows the result window.

How to interpret Zeus scan results

Zeus can show 3 broad result types: clean scan, possible traces, or stronger signs of spyware activity.

Clean scan

A clean scan means Zeus did not find known Pegasus indicators in the backup it analyzed.

That is good news, but it has limits. A clean scan does not guarantee the device has never been infected. It means Zeus did not find known traces in that backup.

If your risk is low, update iOS, keep automatic updates on, and watch for Apple security notifications. If your risk is high, do not stop at a clean scan. Talk to a qualified digital security expert.

Possible traces

Possible traces mean Zeus found something that deserves review. This does not automatically mean Pegasus infected your iPhone.

Some normal apps, links, files, or tracking components can look suspicious. Review the Zeus report carefully. If you do not understand it, contact Softorino support or a security professional.

Stronger spyware indicators

If Zeus reports stronger signs of spyware activity, treat the device as potentially compromised.

Do not use that phone for sensitive messages, calls, password resets, banking, legal work, source communication, or account recovery until you know what happened.

What to do if Zeus detects Pegasus traces

If Zeus detects possible or actual Pegasus traces, do not rush into random fixes. Your goal is to protect yourself without destroying evidence you may need.

Start here:

If you are in a sensitive role, ask an expert before factory resetting the phone. A reset may reduce risk, but it can also destroy evidence.

If your threat level is low and you only want to reduce everyday risk, updating iOS, changing passwords from a trusted device, and restoring from a clean backup may be enough. Do not treat that as professional incident response.

1. Stop using the device for sensitive work.
2. Take screenshots or export the Zeus report if the app allows it.
3. Back up important data safely.
4. Update iOS or iPadOS to the latest version.
5. Change important passwords from a different trusted device.
6. Enable two-factor authentication where possible.
7. Contact Softorino support at support@softorino.com for help reading Zeus results.
8. If you are high risk, contact a qualified digital security expert.

Can Pegasus spyware be removed from an iPhone?

There is no magic "remove Pegasus" button you should trust. Security guidance changes because spyware changes.

Updating iOS can close known exploit paths. Factory reset can remove many device-level issues, but it may not answer how the compromise happened or whether your accounts were accessed. Restoring from an old backup can also bring back unwanted data if the backup contains traces or risky configuration.

For a high-risk case, the safer path is:

For a normal user who only wants practical risk reduction, keep the phone updated, avoid unknown configuration profiles, use strong account security, and run Zeus again if you have a real reason to check.

• Preserve evidence.
• Get expert advice.
• Update or replace the device if advised.
• Rotate passwords and recovery keys from a trusted device.
• Review Apple ID, email, messaging, cloud, and financial account access.
• Keep Lockdown Mode on if your role justifies it.

Pegasus prevention checklist for iPhone and iPad

You cannot prevent every advanced spyware attack. You can reduce your attack surface.

Use this checklist:

Apple sends threat notifications to users it believes may have been targeted by state-sponsored attackers. If you receive one, take it seriously and follow Apple's guidance.

• Keep iOS and iPadOS updated.

• Turn on automatic security updates.

• Use a strong passcode.

• Enable two-factor authentication for Apple ID.

• Remove unknown configuration profiles.

• Avoid jailbreaking your device.

• Do not connect your iPhone to untrusted computers.

• Review account login alerts.

• Keep encrypted local backups.

• Use Lockdown Mode if you face targeted threats.

• Pay attention to Apple threat notifications.

FAQ

Bottom line

Pegasus detection needs honesty. Zeus can help you check an iPhone or iPad backup for known traces, but no scanner can promise perfect certainty.

If you are a normal user, update your device, run a local Zeus scan if you are worried, and keep your account security tight. If you are a high-risk target, use Zeus as a first check and get expert help before you wipe, restore, or keep using the device.

Start with the simple local scan: Download Zeus App.