2025-11-19

NSO Group (which creates extremely sophisticated spyware and sells it to governments that can’t build it on their own) likely entering the US market is a good reminder of the dangers posed by all spyware, malware, and malicious software. Learn about what you can do to protect yourself!

Recently, a US entity purchased NSO Group, and a former Trump official was appointed as the new executive chairman (https://gizmodo.com/trump-pegasus-2000683475). NSO sells to governments and is behind the development of sophisticated mobile spyware. NSO malware has been discovered on the phones of NGOs and journalists in various countries (aka not criminals or terrorists).

NSO was instrumental in assisting the Saudi Arabian government in assassinating journalist Jamal Khashoggi (https://www.nytimes.com/2021/02/26/us/politics/jamal-khashoggi-killing-cia-report.html). NSO malware on Khashoggi’s wife’s phone was what enabled the assassination plot to succeed.

NSO was previously banned from being used in the United States because its software has been used to target political activists, journalists, and dissidents. NSO has been working hard to reverse this. With NSO putting David Friedman (a Trump ally) in the role of chairman, we will likely see NSO Group software authorized for use by the US government and available to government entities willing to pay (maybe even state and local governments). Usually, this level of sophisticated malware is used by intelligence services and militaries of nation-states capable of developing it. NSO makes it commercially available to organizations that don’t have that level of sophistication. If authorized for use in the US, I could easily imagine ICE using it, or even state or local police organizations.

Hopefully, nobody reading this will ever have to worry about being targeted by an organization that uses NSO software to infect their device. However, there are many origins and types of malware, spyware, and other harmful software that can negatively impact you for various reasons, including financial fraud and scams.

This is why it’s worth knowing the risk of malicious software on your devices and what you can do about it!

Here are some simple steps you can take to minimize your risk of run-of-the-mill malware, spyware, or even sophisticated malware like that from the NSO Group or similar actors.

Preventative Steps

- Restart your phone regularly (at least once a day). The best way to do this is to build it as a habit, such as restarting your phone every morning as the first thing you do when you wake up. Some malware lives only in the device's short-term memory, which is cleared when you restart, so restarting ensures that malware like this survives only until your next restart.

- Always run the latest operating system on your device, and turn on auto-updates for software and apps. Most malware exploits unintentional vulnerabilities in the operating system (iOS or Android). When Apple and Google learn of these vulnerabilities, they fix them and publish updates to close them. If you don’t update your software, attackers can continue to exploit these vulnerabilities against you.

- Pay attention to risk signals:
  - Unexplained or unusual loss of battery life. In Android and iOS, under Battery in Settings, you can see which applications are using the most battery, which helps you determine whether you have malware.
  - Random activation of phone sensors (location, microphone, camera). Android and iOS display visual cues at the top of the screen to indicate when sensors are in use, such as when your location is being accessed or the camera is activated (e.g., a green light). If you notice this behavior and it’s not your doing, it could be an indication of malware.
  - Apps or app icons appearing that you didn’t install or don’t recognize.
  - Unexplained increase in data usage. You can also see which apps are responsible for increased data usage in Android and iOS.

- Never leave your device unattended when away from home. Ensure you have a strong passcode and use biometrics to lock your device; this makes it harder for someone to install malware on your device manually. Lock your device whenever you are done using it.

- Don’t click on suspicious links. Clicking on links is one way attackers trick you into downloading malicious software.

- Don’t download software from untrusted companies. For example, Temu is basically spyware, even though it’s available on app stores, as indicated in the lawsuit from the Arkansas AG: https://www.malwarebytes.com/blog/news/2024/06/temu-sued-for-being-dangerous-malware-by-arkansas-attorney-general

If you work for a sensitive organization, I highly recommend encouraging your organization to check out iverify.io, the most advanced threat-detection system available for devices designed to detect this type of malicious software.

What to do if you believe you have malware on your device

- Restart your device.

- Do a factory reset and restore to a backup from a time when you believe your device was uninfected.

- Examine your high-value accounts for potential compromise. Usually, this means your Google and iCloud accounts, as well as any other accounts where you may have sensitive information stored. Malware might be used to gain access to these accounts, so examining them to rule this out is essential. If you’re not sure, it’s best practice to update the passwords on these accounts and ensure you are using MFA.

- If you have a desktop computer, run a trusted antivirus program to scan for known malware.

- Last resort: get a new device.

Stay Safe!

Tate