Self-scans reveal that Pegasus, an invasive and powerful spyware that can secretly control phones and track owners, might be more widespread than previously thought. It was discovered on the phones of everyday phone users.
From wikiHow: How to Check Your Smartphone for Pegasus Spyware
Damn, I oughtta give my phone a check
Let’s say there are signs of it being infected. What can you do next?
I don’t know the full answer, but Pegasus isn’t one single piece of spyware, but rather a toolkit of many, many zero-day exploits.
A lot of them (the majority maybe?) are non-persistent meaning that they don’t survive a reboot.
That said, aside from keeping your phone up to date with security patches and rebooting frequently, I’m not sure there’s much the average person can do if you’re actively being targeted.
Buy/replace your phone
How do you keep that one from reinfecting?
You can try factory reset, but more than likely they control the boot process, so you can’t get rid of the malware no matter what you do.
You might be able to trade it in with your manufacturer. They might be interested in having an infected phone to study.
Reinstall rom
I installed GrapheneOS the moment I got my phone, which should give me a few protections over standard Android.
Longer term, I intend to get a Linux phone, I’m just waiting for the hardware and software to improve. I already almost entirely avoid the Play store, so making the final switch shouldn’t be that big of a jump.