Pegasus.framework is a video process used by iOS devices, as opposed to the Warfare Spyware Pegasus (NSO Group).
I have had similar issues and can tell you that this malware is associated with a « loose AI Neural Network Processor » that has destroyed many platforms.
This system uses « pegasus like processes ».
I would check for any of the following in your analytics…
skywalk_fsw_reap_en0
AppleS5L8940XI2CController
AppleBCMWLANBusInterfacePCIe
skywalk_doorbell_pdp_ip0_tx
These are indeed associated with the NSO Group and Pegasus spyware... AND... are also associated with this Neural Network system AS WELL (although the two situations have nothing in common with each other, other than the fact that those using them are federally illegally breaching unfortunate targets).
In any case...
These are common to a JavaScript exploit used against a Bluetooth attack vector. They are usually installed with jsgreeter44 or 44CALIBER. These binaries are on GitHub and used in the United States by USPIS.
The short range radio exploit comes AGAIN from the NSO Group, an Israeli company. You can tell by the integer sequencing and some other sources.
In short, this allows for the creation of an xpc bundle IN YOUR SYSTEMS.
Erasing at Apple platforms does absolutely nothing but waste time. These vulnerabilities corrupt the CPU, BIOS processes and the recovery partition... the one used to « re-install a fresh new operating system ». And moreover, once whichever source sends out these exploits and obtains your MAC address of the device, wherever that device resurfaces (even after factory resetting etc.)... it will pop back on the map and is immediately re-traceable.
Check for the above mentioned processes and do post here what you find…
You are absolutely correct! They are Pegasus-like processes. I am dealing with the same issue. There is no way to clean the network / system configurations to my knowledge. The problem is that these types of attacks are entirely successful but still illegal. What is there to do???
How can we purge the system from xpc Bundle?