Pegasus spyware detection, in real time.
The whole horror of mercenary spyware is that it's silent. No pop-up, no alarm, no sign. Pegasus reads your screen, listens through your mic and tracks your every move, and you never know. Helix turns that silent, invisible compromise into a loud, timestamped event — by watching your device in real time against a live feed of 4,179+ known mercenary-spyware indicators. Here's exactly how that works, and exactly where its honest limits are.
1. What real-time spyware detection actually is
For most of the history of mobile forensics, finding Pegasus on a phone was an after-the-fact, expert-only exercise. You handed your device to a researcher, they pulled a full backup, and they ran tooling against it to look for traces of an implant that may have come and gone weeks earlier. By the time you got an answer, the surveillance had already happened. Your source was already exposed. Your negotiating position was already known. The damage was done, and the report was an autopsy.
Real-time detection flips that timeline. Instead of asking "was I infected last month?" it asks "is something happening on my device right now that looks like mercenary spyware?" — and it asks that question continuously, on the phone you already carry, while you go about your day. The difference is the difference between a coroner and a smoke alarm. One tells you what killed you. The other wakes you up while there's still time to act.
Helix's detection engine watches three surfaces that a spyware implant cannot fully avoid touching: the network connections your device opens (because an implant has to reach its operators to exfiltrate what it steals), the processes and apps running on the device (because the implant has to execute somewhere), and the files on disk (because payloads and components leave artifacts). Against each of those, it checks what it sees in the moment against a curated, frequently updated list of things that real mercenary spyware is known to do. A match throws an instant, loud, on-screen alert. It does not silently lock you out or kill your session — it tells you what it saw and lets you decide what to do next. You're in control; Helix is the witness.
2. The indicator feed: 4,179+ and growing
Detection is only as good as what you compare against. Helix doesn't invent its threat intelligence — it stands on the shoulders of the two most credible open-source intelligence efforts in this field: Amnesty International's Mobile Verification Toolkit (MVT) and the research published by Citizen Lab at the University of Toronto. These are the same organizations that broke the Pegasus Project, forensically confirmed infections on the phones of journalists and activists, and have spent years cataloguing exactly the digital fingerprints these implants leave behind.
An "indicator of compromise" (IOC) is a concrete, machine-checkable artifact. In practice the feed contains things like:
- Command-and-control domains and IP addresses — the infrastructure an implant phones home to. When Pegasus exfiltrates your messages, it sends them somewhere; researchers have mapped large swaths of that somewhere.
- Process names — the specific names the implant runs under as it operates on the device.
- File hashes — the cryptographic fingerprints of the binaries and components a payload drops, so a known file can be recognized byte-for-byte even if it's renamed.
- File paths and behavioral artifacts — the tell-tale locations and patterns documented across confirmed infections.
And it is not just Pegasus. The same corpus covers the wider mercenary-spyware ecosystem: Predator (Cytrox), FinFisher, NoviSpy and other families that sell functionally similar capabilities to the same kinds of clients. Today that public corpus runs to 4,179+ distinct indicators, and it grows every time researchers analyze a freshly targeted device and publish what they find. Helix consumes that feed so your phone is checking against the field's latest knowledge, not a snapshot frozen at install time.
3. How Helix matches in real time
The engine runs continuously and quietly. Three loops operate in parallel.
The network watcher
Helix observes the connections your device opens — the destinations your apps and processes reach out to. Each destination is checked against the command-and-control domains and addresses in the feed. The premise is simple and unavoidable for the attacker: spyware that can't talk to its operator is useless. It has to send the stolen data somewhere. The moment a connection resolves to known mercenary-spyware infrastructure, that's a high-confidence signal that something on your device is trying to phone home to an operator.
The process and app monitor
Helix enumerates running processes and installed apps and matches their names and signatures against the feed. An implant has to execute under some identity in the process table. If a name matches a documented Pegasus-class process, that's a direct hit — not "this looks suspicious" but "this is a name researchers have tied to a specific spyware family."
The daily file scan
Once a day, Helix hashes files in common drop locations and checks those hashes against the known-payload list in the feed. This catches a payload sitting on disk even if it isn't actively running in memory at the moment — the on-disk complement to the live process watch. (We cover this scan in depth in the daily malware & virus scan post.)
When any loop matches, Helix fires an immediate, unmistakable on-screen alert that names what it found and where. Crucially, it does not take destructive action on its own — it never silently kills your session or wipes anything based on a detection. A loud, honest alert that puts you in the decision seat is the entire design philosophy. Spyware's superpower is invisibility; the alert is how Helix removes it.
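As an added illustration (not Helix's code, and with placeholder indicator values rather than real ones), here is the three-surface matching loop described above in Python: observed connections, the process table and on-disk file hashes are each checked against a feed shaped like the indicator categories in section 2, and a hit produces a timestamped alert instead of any destructive action.

```python
import hashlib
import time
from dataclasses import dataclass

# Constructed feed (placeholder values, not real indicators) in the post's categories
FEED = {
    "c2": {"c2.example-mercenary.invalid", "203.0.113.45"},  # domains and IPs
    "process": {"example-implant-daemon"},
    "sha256": {hashlib.sha256(b"CONSTRUCTED PAYLOAD BYTES").hexdigest()},
}

@dataclass
class Alert:
    surface: str     # "network", "process" or "file"
    indicator: str   # the feed entry that matched
    context: str     # where on the device it was seen
    ts: float        # when: the alert is the timestamped record

def check_network(connections, feed):
    # connections: (owning process, destination) pairs; a C2 hit is high confidence
    return [Alert("network", dest, f"{proc} -> {dest}", time.time())
            for proc, dest in connections if dest in feed["c2"]]

def check_processes(process_table, feed):
    # process_table: (pid, name) pairs; a documented name is a direct hit
    return [Alert("process", name, f"pid {pid}", time.time())
            for pid, name in process_table if name in feed["process"]]

def check_files(files, feed):
    # files: {path: contents}; matching on the hash defeats a simple rename
    out = []
    for path, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if digest in feed["sha256"]:
            out.append(Alert("file", digest, path, time.time()))
    return out

def run_all(connections, process_table, files, feed=FEED):
    alerts = (check_network(connections, feed) + check_processes(process_table, feed)
              + check_files(files, feed))
    for a in alerts:  # alert only: no kill, lock or wipe follows a detection
        print(f"[{a.ts:.0f}] ALERT {a.surface}: {a.indicator} ({a.context})")
    return alerts

def demo():
    # Constructed observations: one benign and one matching item per surface
    conns = [("messages", "api.example.com"), ("bgtask", "c2.example-mercenary.invalid")]
    procs = [(1, "init"), (4711, "example-implant-daemon")]
    files = {"/tmp/cache.bin": b"CONSTRUCTED PAYLOAD BYTES", "/tmp/notes.txt": b"hello"}
    return run_all(conns, procs, files)
```

A real feed is refreshed on a schedule rather than hard-coded, and a production matcher would also normalise hostnames (case, trailing dot) before the set lookup.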
4. The real-world threat it stops
Picture the actual sequence of a mercenary-spyware compromise. An operator delivers an exploit — often a zero-click message that your phone processes automatically, with no tap from you. The implant lands, escalates privileges, and begins its work: reading your encrypted messages on-screen after they're decrypted, capturing keystrokes, harvesting your photos and contacts, and quietly streaming your microphone and location to a server somewhere. (For the full anatomy of how that infection chain works, see how Pegasus spyware works.)
Every one of those later steps creates a surface Helix can see. The implant has to run as a process — the monitor checks for it. It has to reach its operator to exfiltrate — the network watcher checks for that. It drops files — the daily scan hashes them. None of those is something the attacker can simply skip; they're intrinsic to what spyware is and what it's for. An implant that never runs, never connects out and never touches disk has also never spied on you.
So while Helix cannot promise to catch the very first packet of a brand-new, never-before-seen exploit, it is extremely well placed to catch known mercenary spyware — and the overwhelming majority of real-world deployments reuse infrastructure, tooling and components that the research community has already mapped. Exploits are scarce and expensive; operators amortize them across many targets, which means the same domains and payloads show up again and again. That reuse is exactly the weakness the indicator feed exploits.
5. Why this matters to you specifically
It's tempting to think this is a problem for famous dissidents in faraway countries. It isn't. The mercenary-spyware market is sold for "commercial dispute," "asset tracing" and "executive protection" use cases, and the brokers who sell access do not publish their client lists. The question was never whether the capability exists. It's whether you're worth the price to someone — and every year, more people are.
- Crypto holders and whales. Your phone is a live map to your keys, your exchanges, your counterparties and your movements. A single confirmed read of your device can precede a very physical, very expensive bad day. Real-time detection turns "I have no idea if I'm being watched" into "I'd know the moment something matched."
- Lawyers. Privilege is only privilege if the other side can't read it. An opponent who can see your strategy, your client list and your settlement floor has bought the case. Detection on your handset is a tripwire on the most concentrated repository of privileged material you carry.
- Family offices and executives. Valuations, negotiating limits, M&A plans and the relationships behind them are worth far more than the cost of an exploit to the right rival. The people around you are the soft route in; detection on every device in the circle raises the floor for everyone.
- Journalists and their sources. A confirmed infection doesn't just expose you — it burns the people who trusted you. A real-time alert is the difference between protecting a source and unknowingly leading an adversary straight to them.
- Anyone targeted. A contested inheritance, a bitter divorce involving real money, a hostile takeover — these are textbook situations where someone with resources decides your phone's contents are worth buying. You don't choose to be interesting. You only choose whether you'd know.
6. How Helix implements it
Detection in Helix is not a separate app you have to remember to run. It's built into the client and runs on standard iOS and Android — the phone you already own — as well as Windows, macOS and Linux. There's no special hardware requirement to get the live shield. (The optional Helix Hardened Phone raises the baseline further by starting from a locked-down GrapheneOS foundation, but it's an option, not a prerequisite.)
The implementation reflects a few deliberate choices that are worth calling out, because they're what separates a real detector from security theater:
- The feed updates. Threat intelligence that's frozen at install is dead intelligence. Helix keeps the indicator set current so your phone checks against what researchers know now.
- It runs on-device. The matching happens locally. Helix isn't shipping your process list and network metadata to a cloud to be analyzed — that would itself be a surveillance surface. The check is local; your data stays yours.
- It alerts, it doesn't ambush. A detection produces a clear, on-screen warning describing what was found. It never silently locks, wipes or kills your session. You decide the response, and you have the full picture to decide with.
- It's one layer in a posture. Detection sits alongside the daily file scan, network and evil-twin detection, device-posture checks, and the mic/camera monitor — each removing something an attacker needs. No single layer is the whole answer; the posture is.
7. The honest limits — read this part
We will not insult you with a promise of magical immunity, and you should distrust anyone who does. Here is exactly what this feature is and is not.
The nuance here is the whole point, so it is worth unpacking. Indicator matching catches known mercenary spyware — the domains, processes and files that have been documented. A genuinely novel, never-seen attack may leave nothing on the feed yet. And the deepest implants run at kernel level, where they can hook the very system calls a userspace detector relies on, hiding their own processes and files. No tool that lives in userspace on a stock phone can fully beat a top-tier, kernel-resident implant. That is a hard, physical truth of the platform, and we say it plainly.
So why is this worth having? Because the realistic threat is not an infinite-budget zero-day reserved exclusively for you and burned the instant it's noticed. The realistic threat is known tooling, reused infrastructure and operators who cut corners — and against that, real-time indicator matching is genuinely powerful. It converts the attacker's biggest advantage, silence, into your advantage, a timestamped alert. And it raises the cost: an adversary now has to burn a pristine, never-detected capability and operate flawlessly, on every device in your circle, forever, to stay hidden. That is a far higher bar than "send the same Pegasus payload they sent the last hundred targets." Detection doesn't make you invincible. It makes you expensive, and it makes you hard to surveil quietly — which, against this class of threat, is the honest definition of winning.
Detection vs. prevention — and why you want both
A fair question is whether detection even matters if you can't prevent the infection in the first place. It matters enormously, and conflating the two is a common mistake. Prevention is about shrinking the attack surface — closing doors so the exploit never lands. Helix does plenty of that elsewhere: its closed network with no phone number removes the inbound channel most zero-click payloads arrive through, and its bespoke, non-off-the-shelf protocols give a pre-built exploit nothing standard to aim at. But no honest engineer believes prevention is ever total against a sufficiently funded adversary. That's precisely why detection is not a consolation prize — it's the second half of a complete posture. Prevention raises the price of getting in; detection ensures that if someone pays that price, you find out, instead of being surveilled in silence indefinitely. A defender who only prevents is betting everything on a perfect wall. A defender who also detects has a witness inside the house.
What "you decide" actually means in practice
Helix deliberately does not auto-nuke your device on a detection, and it's worth explaining why, because some products treat aggressive automatic response as a selling point. The problem is that an automatic, irreversible reaction to a detection turns your own security tool into a denial-of-service weapon an adversary can aim at you: trigger a false-looking signal and watch the target's device wipe itself. It also strips you of context. A detection is information, and the right response depends on where you are and what you're doing — you might want to immediately cut comms and remove the device from a sensitive meeting, calmly preserve evidence for a forensic examiner, or invoke a burn before crossing a border. Helix gives you the loud, timestamped fact and the full toolkit — cut-all-comms, travel mode, one-tap burn — and lets you choose the response that fits the moment. The alert is the alarm; you are the one who decides what the alarm means.
8. The bottom line
Mercenary spyware wins by being invisible. Helix's real-time detection engine is built to take that invisibility away — watching your network, your processes and your files against a live, growing feed of 4,179+ real-world indicators from the most credible researchers in the field, and telling you, loudly and immediately, the moment something matches. It won't promise to catch every conceivable zero-day, and it can't see a kernel-level ghost. But it turns the silent compromise that defines this threat into something you can finally see and act on — on the phone you already carry. If you're someone worth surveilling, that tripwire is the difference between knowing and never knowing.
Three tiers, fixed and published: Core $199 · Operator $499 · Sovereign $999. Buy it or don't — no negotiation, no surprises.