Pegasus Spyware: The Complete History of the World’s Most Notorious Surveillance Tool
Your phone contains your entire life—photos, messages, location data, and access to all your accounts. But what if someone could access all of that without you ever knowing?
That’s exactly what Pegasus spyware can do. This military-grade surveillance tool has been secretly infiltrating smartphones worldwide for over a decade, turning them into powerful spying devices.
From its origins in Israel to global scandals involving world leaders, journalists, and activists, Pegasus has become the most feared spyware in the world.
In this comprehensive article, we’ll trace the complete history of Pegasus—from its first deployment to the latest developments in 2025.
Table of Contents
- What Is Pegasus Spyware?
- The Origins of Pegasus (2010-2016)
- The Ahmed Mansoor Case: Pegasus Goes Public (2016)
- Global Expansion and High-Profile Abuse (2016-2020)
- The Pegasus Project: The Biggest Surveillance Exposé Ever (2021)
- Legal and Political Backlash (2021-2022)
- Continued Activity and Recent Developments (2023-Present)
- How to Protect Yourself from Pegasus-Style Attacks
- Wrapping Up
- FAQs
What Is Pegasus Spyware?
Pegasus is what cybersecurity experts call “military-grade” spyware—one of the most sophisticated surveillance tools ever created. Developed by Israeli cyber-intelligence firm NSO Group, it’s designed to completely take over smartphones without the user knowing.
Once Pegasus infects your phone, it can:
- Read all your messages and emails (even encrypted ones)
- Record phone calls and conversations
- Track your exact location in real-time
- Secretly activate your camera and microphone
- Steal passwords and access all your accounts
- Download photos, videos, and documents
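Pro Tip: Pegasus can read encrypted messages from apps like WhatsApp and Signal because it captures them on your device itself, before outgoing messages are encrypted and after incoming ones are decrypted. End-to-end encryption protects messages in transit, not on a compromised phone.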
What makes Pegasus particularly dangerous is its “zero-click” infection method. Unlike other spyware that generally requires you to click a malicious link, modern versions of Pegasus can infect your phone through:
- WhatsApp missed calls
- iMessage notifications
- Even just receiving certain images
The spyware installs itself silently and invisibly, with no obvious signs that anything has happened.
The Origins of Pegasus (2010-2016)
NSO Group was founded in 2010 by former Israeli intelligence officials who understood the growing importance of mobile surveillance. The company positioned Pegasus as a legitimate tool for law enforcement and intelligence agencies to fight crime and terrorism.
Early Secretive Deployments
Because Pegasus is classified as a weapon by the Israeli government, every sale requires Defense Ministry approval. This regulation didn’t prevent its rapid spread—by the late 2010s, at least 18 countries had obtained Pegasus licenses.
The earliest known deployments trace back to 2013:
- United Arab Emirates (2013): Used Pegasus to surveil dissidents and critics.
- Panama (2012-2014): President Ricardo Martinelli’s government created a secret surveillance unit using Pegasus to spy on political rivals and journalists.
These early uses remained hidden from public view. Pegasus operated in complete secrecy until a failed attack in 2016 changed everything.
The Ahmed Mansoor Case: Pegasus Goes Public (2016)
In August 2016, Pegasus burst into headlines when a prominent human rights activist outsmarted his would-be hackers.
Ahmed Mansoor, a well-known dissident in the UAE, received a suspicious text message on his iPhone promising “new secrets” about torture in UAE prisons. Instead of clicking the link, the cautious activist forwarded it to cybersecurity researchers at Citizen Lab and Lookout Security.
The Discovery That Shocked the Cybersecurity World
Analysis revealed that clicking Mansoor’s link would have triggered a sophisticated attack chain:
- Three zero-day iOS vulnerabilities would have been exploited.
- His iPhone would have been jailbroken remotely.
- Pegasus spyware would have installed itself completely invisibly.
This was unprecedented—government hackers were caught using iPhone spyware with multiple zero-day exploits.
Apple responded within 10 days, releasing iOS 9.3.5 to patch the vulnerabilities. But the damage to NSO’s secrecy was done. The “Pegasus” name became publicly associated with cutting-edge government spyware.
Global Expansion and High-Profile Abuse (2016-2020)
After 2016, investigations revealed Pegasus was spreading rapidly worldwide. By 2021, the spyware had been found in over 50 countries, with clients including both authoritarian regimes and democratic governments.
Mexico: A Major Pegasus Customer
Mexico emerged as one of the largest markets for Pegasus, spending approximately $32 million on NSO contracts. While Mexican authorities claimed success stories like helping capture drug lord “El Chapo” in 2016, investigative reporting revealed massive abuse.
A shocking New York Times investigation in June 2017 discovered that Mexican agencies had used Pegasus to target:
- Journalists investigating government corruption.
- Human rights lawyers and activists.
- Public health advocates pushing for a soda tax.
- Opposition politicians.
In one disturbing case, colleagues and the widow of murdered journalist Javier Valdez received Pegasus-laden messages just after his killing, suggesting the spyware was being used to intimidate the press.
The Khashoggi Connection
Pegasus became linked to one of the most notorious political assassinations of recent years. Jamal Khashoggi, the Saudi journalist murdered in October 2018, and his associates appear to have been Pegasus targets.
Forensic analysis found:
- Khashoggi’s wife Hanan Elatr’s phone was infected with Pegasus in April 2018—months before the killing.
- Saudi operatives likely used Pegasus to monitor Khashoggi’s communications.
- This surveillance may have aided their assassination plot.
The WhatsApp Hack of 2019
In May 2019, NSO’s spyware exploited a flaw in WhatsApp’s call feature to infect approximately 1,400 devices worldwide. Victims would simply receive a missed video call, and Pegasus would install itself—even if they didn’t answer.
This global attack targeted:
- Human rights activists.
- Journalists and dissidents.
- Government officials.
- Lawyers and civil society leaders.
The attack prompted Facebook (WhatsApp’s parent company) to sue NSO Group later that year.
Pro Tip: Even missing a call can be dangerous with advanced spyware. If you receive suspicious calls from unknown numbers, especially international ones, don’t engage and consider running a security scan.
The Pegasus Project: The Biggest Surveillance Exposé Ever (2021)
In July 2021, the world learned the true scope of Pegasus surveillance through an unprecedented media investigation. A consortium of 17 media organizations in 10 countries, coordinated by Forbidden Stories and Amnesty International, released the “Pegasus Project” reports.
The Leaked List
At the heart of the investigation was a leaked database containing over 50,000 phone numbers—individuals selected as potential targets by NSO’s government clients between 2016 and 2021.
The leak revealed Pegasus was actively used by at least 10 countries:
- Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the UAE.
Shocking High-Profile Targets
The leaked list revealed some shocking targets—including some of the world’s most powerful people:
World Leaders:
- French President Emmanuel Macron.
- Pakistan’s Prime Minister Imran Khan.
- South African President Cyril Ramaphosa.
- The King of Morocco.
Business Figures:
- Amazon founder Jeff Bezos.
Civil Society:
- Hundreds of journalists worldwide.
- Human rights lawyers and activists.
- Opposition politicians and election officials.
Furthermore, forensic analysis confirmed Pegasus infections on over 50% of phones tested from the leaked list.
The Global Fallout
The Pegasus Project caused immediate international outrage and diplomatic tensions worldwide.
In Hungary, thousands took to the streets in protests against Viktor Orbán’s government after journalists and opposition figures were revealed as targets. The revelations sparked a major political crisis and ongoing debates about press freedom in the EU member state.
India’s Parliament was thrown into turmoil, with opposition parties making explosive accusations of “treason” against the ruling party for allegedly spying on its own citizens. The controversy dominated political discourse for months and raised serious questions about democratic governance.
France immediately demanded answers from Morocco about the targeting of President Macron, creating a significant diplomatic rift between the two countries. The incident highlighted how Pegasus abuse could damage international relationships even between allied nations.
Legal and Political Backlash (2021-2022)
The revelations triggered an unprecedented backlash against NSO Group and spyware proliferation.
U.S. Government Sanctions
In November 2021, the United States blacklisted NSO Group, adding it to the Entity List that bars U.S. companies from selling software or equipment to NSO. This effectively crippled NSO’s ability to source key components.
Ironically, it was also revealed that the FBI had purchased Pegasus in 2019 for testing (though the Bureau claims never to have deployed it operationally).
Apple Fights Back
In late 2021, Apple filed a major lawsuit against NSO Group, alleging the company had violated Apple’s terms of service by targeting iPhone users with Pegasus spyware. The lawsuit sought to hold NSO accountable for hacking Apple’s customers and potentially ban the company from using any Apple products or services.
Apple also began proactively notifying individuals who were discovered to be Pegasus targets. Starting in November 2021, Apple sent security alerts to victims including activists and opposition politicians in multiple countries, and even U.S. State Department employees in Uganda. These notifications marked the first time a major tech company had directly warned users about state-sponsored spyware attacks.
European Investigations
The European Parliament established a special Committee of Inquiry (PEGA) in March 2022 to investigate spyware abuse in EU states. The committee found that spyware had been misused for political purposes in at least four EU countries: Poland, Hungary, Greece, and Spain.
Continued Activity and Recent Developments (2023-Present)
Despite intense scrutiny and legal challenges, Pegasus continues to surface in new incidents, proving that advanced spyware remains a persistent threat.
Ongoing Targeting
Recent confirmed Pegasus attacks include:
2023:
- A Russian investigative journalist working for Meduza was infected while in Berlin—the first known Russian target.
- Indian opposition politicians and journalists received Apple alerts about “state-sponsored attackers” ahead of the 2024 elections.
2025:
- In February 2025, two journalists from the Balkan Investigative Reporting Network in Serbia were targeted via malicious Viber messages.
The Technology Arms Race
Since first learning about Pegasus, tech companies have responded with various defensive measures:
- Apple’s Lockdown Mode (2022): A high-security mode that hardens iPhones against zero-click attacks.
- Regular security patches: Apple and Google continue patching vulnerabilities, but NSO keeps finding new ones.
NSO Group’s Current Status
NSO Group remains operational but faces mounting challenges. The U.S. sanctions cut off NSO’s access to American technology suppliers, while the company has reduced its workforce substantially and seen revenue fall dramatically as government clients distanced themselves following international backlash.
Legal pressures have intensified the company’s troubles. In December 2024, a U.S. federal judge found NSO liable for hacking WhatsApp users and ordered the company to pay $167 million in damages—the first time a court held a spyware company directly responsible for abuse.
NSO has undergone significant changes, including CEO Shalev Hulio stepping down in July 2022. The company now claims it will only sell Pegasus to “U.S.-aligned NATO countries,” though the implementation of this pledge remains unclear. Despite these challenges, NSO continues seeking investment and potential buyers.
Important note: Even if NSO Group were shut down tomorrow, other companies like Candiru, Cytrox, and Intellexa are producing similar “mercenary spyware.” The threat extends beyond just Pegasus.
How to Protect Yourself from Pegasus-Style Attacks
While Pegasus represents the cutting edge of spyware technology, there are steps you can take to protect yourself:
Secure your device
🔄 Keep your operating system updated
Both iPhone and Android devices regularly receive security patches that fix vulnerabilities used by spyware like Pegasus. Enable automatic updates in your device settings to ensure you get these critical protections as soon as they’re available.
⚠️ Be cautious with suspicious messages
Pegasus has used various messaging platforms to infect devices, including WhatsApp, iMessage, and SMS. Never click links from unknown contacts, and be wary of unexpected messages even from people you know—their accounts could be compromised.
🔒 Enable Lockdown Mode (iPhone)
Apple’s Lockdown Mode provides enhanced protection against sophisticated attacks. Go to Settings > Privacy & Security > Lockdown Mode and toggle it on. While this limits some functionality, it significantly hardens your device against zero-click exploits like those used by Pegasus.

Fig 1: Enabling Lockdown Mode on iPhone.
🛡️ Use Google Play Protect (Android)
This built-in security feature continuously scans your device for malicious apps. Ensure it’s enabled in Google Play Store > Menu > Play Protect. It can detect and remove potentially harmful applications before they cause damage.

Fig 2: Google Play Protect on Android.
Use Professional Security Tools
While consumer security apps may struggle with the most advanced spyware, specialized tools can detect sophisticated threats and security vulnerabilities that could compromise your privacy.
Certo AntiSpy can detect advanced spyware that might be secretly monitoring your device. For iPhone users, it offers deep desktop-based scanning that analyzes your device thoroughly via USB connection. Android users get real-time protection with continuous monitoring.
Regular scans with professional-grade security tools can identify threats that built-in security features might miss, giving you peace of mind that your device remains secure.

Fig 3: Detecting spyware with Certo AntiSpy for Android.
Stay Vigilant
While Pegasus is designed to operate invisibly, there are still some warning signs that might indicate a spyware infection. Watch for these symptoms that could suggest your device has been compromised:
- Unusual battery drain
- Phone overheating
- Unexpected data usage spikes
- Slower performance
- Strange notifications or messages
Wrapping Up
The history of Pegasus spyware is still being written. From its secretive origins in 2010 to the global scandals of 2021 and ongoing incidents through 2025, Pegasus has redefined what’s possible in mobile surveillance.
What started as a tool to fight crime has been repeatedly used against journalists, activists, politicians, and ordinary citizens worldwide. Even the most security-conscious individuals can be compromised by state-level actors with tools like Pegasus. This reality has forced a rethinking of digital privacy expectations.
The largely unregulated spyware market has created what experts call a “wild west” environment. Calls for international frameworks to govern spyware sales continue to grow, but enforceable global regulation remains elusive.
The Pegasus story serves as a powerful reminder that in our smartphone-dependent world, privacy and security can never be taken for granted. While most people will never be targeted by military-grade spyware like Pegasus, the techniques and vulnerabilities it exploits are often used by more common threats.
The cat-and-mouse game between spyware developers and security defenders continues. As new vulnerabilities are discovered and patched, and as regulations slowly catch up to technology, one thing remains clear: the battle for digital privacy is far from over.
FAQs
Can Pegasus infect any smartphone?
Pegasus primarily targets iPhones and Android devices. It uses different attack methods for each platform, exploiting vulnerabilities in the iOS and Android operating systems. However, keeping your phone updated with the latest security patches significantly reduces infection risk.
How would I know if my phone has Pegasus?
Pegasus is designed to be completely invisible, making detection extremely difficult. Signs might include unusual battery drain, overheating, or strange behavior, but these could have other causes. Professional security tools like Certo AntiSpy can detect advanced spyware indicators.
Is Pegasus still active in 2025?
Yes, Pegasus continues to be used despite legal challenges and sanctions against NSO Group. Recent incidents in 2023 and early 2025 show the spyware remains operational, though its deployment may be more limited than in previous years.
Can antivirus apps detect Pegasus?
Traditional consumer antivirus apps typically cannot detect military-grade spyware like Pegasus. However, specialized tools like Certo AntiSpy use advanced detection methods that can identify various spyware threats and security vulnerabilities.
What countries use Pegasus?
The Pegasus Project revealed at least 10 confirmed client countries: Azerbaijan, Bahrain, Hungary, India, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, and the UAE. Other countries may also be clients but haven’t been publicly confirmed.
How much does Pegasus cost?
While exact pricing isn’t public, reports suggest Pegasus licenses cost governments millions of dollars. The high price reflects the sophisticated technology and the fact that sales are regulated by the Israeli government as weapons exports.