Deeply impressed by mvt, the tool used by @AmnestyTech and @citizenlab to detect “devices compromised with Pegasus” and other malware, and which marked my iPhone as having “indicators of compromise” because… I have iMessage sticker apps installed. Unconscionable scam artists.
Ah yes, the “Pegasus indicators of compromise database”, which includes things like scanning your SMS messages for the string “weather4free dot com” and other expired domain names that could be texted to you by anyone, including Amnesty Tech staffers themselves.
There are helpful warnings on Device Integrity - Privacy Guides. But this thread shows an actual example of allegedly a false positive on his device.
One of the replies there said it best: don’t conflate surface-level scans for indicators as definitive proof of an exploit. It’s as we already say:
These tools can trigger false-positives. If any of these tools finds indicators of compromise, you need to dig deeper to determine your actual risk. Some reports may be false positives based on websites you’ve visited in the past, and findings which are many years old are likely either false-positives or indicate previous (and no longer active) compromise.
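To make the “dig deeper” advice concrete, here is an added triage example (my own code, not part of MVT or the Privacy Guides page) that scores MVT-style detection records by indicator type and age instead of treating every match as proof. The record fields and sample data are constructed for the example; the process name is a placeholder, and the two-year staleness cutoff is an assumption.

```python
from datetime import datetime, timezone

# Constructed records loosely shaped like MVT's per-module detection output.
# The process name is a placeholder, not a real indicator.
SAMPLE_DETECTIONS = [
    {"module": "SMS", "timestamp": "2016-03-02 11:20:10",
     "ioc": "weather4free.com", "ioc_type": "domain"},
    {"module": "Processes", "timestamp": "2024-05-14 09:01:33",
     "ioc": "PLACEHOLDER_PROCESS", "ioc_type": "process"},
    {"module": "Settings", "timestamp": "2024-05-10 08:00:00",
     "ioc": "unknown_sources_enabled", "ioc_type": "config"},
]

STALE_AFTER_DAYS = 2 * 365  # assumed cutoff: older findings are likely stale or already remediated
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed clock so results are reproducible


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def score_detection(det, now=NOW):
    """Return (tier, reasons) for one detection; tier is low, medium or high."""
    reasons = []
    age_days = (now - parse_ts(det["timestamp"])).days
    stale = age_days > STALE_AFTER_DAYS
    if stale:
        reasons.append(f"{age_days} days old: likely stale or no longer active")
    if det["ioc_type"] == "config":
        # A device setting is a hardening observation, not evidence of exploitation.
        reasons.append("configuration finding, not an exploitation artefact")
        return "low", reasons
    if det["ioc_type"] == "domain":
        # A domain string inside message content can be sent to anyone by anyone.
        reasons.append("domain match in message content; sender-controlled input")
        return ("low" if stale else "medium"), reasons
    # Process or file indicators point at execution artefacts on the device itself.
    return ("medium" if stale else "high"), reasons


def triage(detections, now=NOW):
    """Map each indicator to its tier; medium and high need a real forensic follow-up."""
    return {d["ioc"]: score_detection(d, now)[0] for d in detections}


if __name__ == "__main__":
    for det in SAMPLE_DETECTIONS:
        tier, why = score_detection(det)
        print(f"{tier:6} {det['module']:9} {det['ioc']}: {'; '.join(why)}")
```

Only medium and high tiers warrant escalation; a low tier is still worth recording, since the same indicator recurring in fresh data changes the picture.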
“Scam artists” seems a bit over the top to describe a free/open-source tool.
Forensics and generally intel can always contain false positives. If you are a victim of such spyware or find any indicators, I would urge you to get professional help when possible.
MVT also gives indicators on most devices, for example by allowing other installation sources. That is just something you see and assess. Correct assessment on indicators should not be underestimated.