Yes, info on Pegasus is easy to find. And never says Pegasus is active when the phone is powered off. It’s undetectable and insidious in what it can grab, but at no point is there any reference at all to being active while the phone is powered off.
If you have a reference that states otherwise (that isn’t written by an AI), please supply it. I’ll be happy to give up on this if someone can prove their point.
And that is because it is way too easy to detect when the phone is off, not only because of the battery drain, but because the radios would be transmitting when they shouldnt . Plus, persisting across a reboot requires some trace of the Trojan to be on physical storage, which is more likely to be found on a scan.
I am assuming that when a state-level actor is hacking a phone, they are targeting a person directly, and know how to get the Trojan on undetected. Their main goal will be to continue to siphon data off it while it is in use. It’s not worth the risk of detection to track it while it is off (and not being used, after all.) Don’t you think they would prefer to use the same method they used the first time to infect the burner phone that’s actually being used?