Apple is sounding alarm bells over a wave of sophisticated and destructive spyware attacks against specific people across 92 countries. As reported by The Economic Times, Apple sent an email warning individuals in the crosshairs that they were “being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone.”
The email explained that the attacks are targeting people specifically because of who they are or what they do. Though the email said that Apple couldn’t be absolutely certain when detecting such attacks, the company had high confidence in the warning and urged people to take it seriously.
On Wednesday, Apple also updated its support page on threat notifications and mercenary spyware. The page explains how mercenary spyware attacks work, how Apple will alert its users if they’re the victims of such an attack, and what to do if you’re targeted by this kind of attack.
So just what is a mercenary spyware attack, and should the average iPhone user be concerned? On the one hand, most iPhone users will never be targeted by these types of attacks. On the other hand, such an attack could prove devastating for you since the attacker could remotely control and steal sensitive data from your device.
Typically carried out by, or on behalf of, nation states, such attacks are usually launched against individuals with specific roles in society, such as journalists, activists, politicians, and diplomats. The goal is often to strike back at someone because of what they did or said, especially if it runs afoul of a government or political leader or other type of authority.
Also: Removing spyware from your phone can be tricky. These options are your best bet
More advanced and complex than your average cybercrime, a mercenary spyware attack usually targets a small number of people. The attacks can still cost millions of dollars, according to Apple, and are often short lived, creating a challenge for anyone attempting to detect and stop them. Though these attacks are rare, Apple has sent out threat notifications multiple times per year since 2021, notifying people in more than 150 countries.
“It’s really important to recognize that mercenary spyware, unlike others, is deliberately designed with advanced capabilities, including zero-day exploits, complex obfuscation techniques, and self-destruct mechanisms, making it highly effective and hard to detect,” Krishna Vishnubhotla, VP of Product Strategy at mobile security provider Zimperium, told ZDNET. “Operating in stealth is key to its success. The developers of mercenary spyware go to great lengths to remove any clues that might link the software back to them or their clients.”
Probably the best known spyware for these types of attacks is Israel-based NSO Group’s Pegasus, which has been used in mercenary spyware campaigns against noted journalists, politicians, and other individuals. The NSO Group typically skirts any responsibility, claiming that the firm sells Pegasus only to intelligence and law enforcement agencies and that Pegasus can only be used against terrorists and criminals.
Apple and other companies have nevertheless sued the NSO Group for its role in state-sponsored attacks. Apple has also been forced to create and deploy bug fixes for the iPhone, iPad, Mac, and Apple Watch to shore up vulnerabilities exploited by Pegasus.
Although such attacks are often state-sponsored, Apple removed that term from its alert and from the latest update to its support page, after facing pressure from the Indian government about linking such breaches to state actors, a source with direct knowledge told Reuters. The support page does, however, still state that “individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors.”
How would you know if you’re being targeted by a mercenary spyware attack? If Apple determines that you’re a potential victim, you’ll receive an email and a text message with an alert. A threat notification will also appear at the top of your Apple ID page after you sign in.
Apple also suggests that all iPhone users take these steps to protect themselves from spyware and similar threats:
- Protect your device with a passcode.
- Safeguard your Apple ID with two-factor authentication and a strong, secure password.
- Update your device to the latest OS version, which usually includes the newest security fixes.
- Install apps only from the App Store.
- Use strong and unique passwords for all your online accounts.
- Don’t click on links or attachments from unknown senders.
You can also protect yourself against such attacks by turning on Lockdown Mode, which disables or limits key features and settings to prevent the spyware from stealing sensitive data. In the event of an attack, Apple recommends that you also reach out to experts, such as the rapid-response emergency security assistance offered by the Digital Security Helpline at the nonprofit group Access Now.