hello. I copy and paste most helpful response. below response work because Pegasus or phantom in US work by virtual replicating phone. Pegasus work with stealing sim and MAC address on phone. Then use virtual developer phone and live apple hardware after steal your passwords. operators have a virtual phone for real time monitoring, make your what’s app call like walk-in talkie. They use virtual audio Chanel with XPC services. Other live hardware update over time for installing malware plist files after integer exploit on kernel. below best defense. Not perfect but works temporarily. “Hello. I respond to your query about winged horse malware, pegasaurus. I would also have a copy of imazing handy, two SIM cards and two iCloud accounts. wipe the phone and reinstall iOS with your SIM card out. activate the phone via a Mac, after a clean macOS install isolated from a network. No Bluetooth either or airplay or handoff. create a new iCloud account with SIM card out. Turn on airplane mode immediately. disable iMessage and FaceTime immediately. All items in both apps must be manually turned off. Don’t turn off airplane mode. Prepare to turn off find my, and all other location services. Tun off airplane mode. Rush to turn off find my, and all iCloud services. turn off all notifications and Siri. Also turn off all Siri learning. 8a. Download all needed apps, delete all inexcusable apps. pop in SIM card. turn on two factor authentication. Sign out of iCloud. Backup iPhone to Mac again. Pop out SIM card. restore iPhone. use imazing confgurstor to supervise and run apps in a profile. avoid T-Mobile sims, ATT gives NSO Group most difficult time. Verizon also better than T-Mobile for protection but not as good as att. Something about the old Nortel switches they have. Here’s a simple explanation. Even if you can do this very well, winged horsey also will get you via Bluetooth. They use with FORCEDENTRY a program called 44CALIBER or jsgreeter44. It is a Java script hack of classic Bluetooth. I may have accidentally made the old GitHub public on accident. But you work see people trying to pretend they are Russian on that forum. here’s how horsey works. When you activate and iPhone, they get all your information, phone id, hardware information, etc, so you cannot hide. Then within 24 hours you get a text message with a link. That message tricks iMessage into thinking it is an android text and this exploits tls 1.3 and gets your keys to the kernel. By the time you get a text you’ve already been hacked. That’s because they infect you through iCloud services and activation transmission. The text message is not necessarily the zero day but it can be. The text link points the exploit to an operator and encrypts the traffic sort of or proxies it. In either case you cannot use iCloud. They exploit -0500 and -0800. 20a. Change your default browser to anything but safari and use a browser without Java script for default. they send an integer exploit for buffer overflow via iCloud before the text arrives. there is a software that blocks the nso hacking tool but I will not say it here. good luck. W. 0’. I hope that this helps you.”