Apple has warned iPhone users in 92 countries that their device is at risk of being compromised by a “mercenary spyware attack.” Sent yesterday to consumers at 20:00 GMT, the notification did not identify the third party or parties responsible or the possible consequence of the attack upon individuals or wider networks. Tech Monitor has reached out to Apple for comment.
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” read the warning. “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously.”
Apple “mercenary spyware attack” not the first
Apple has sent threat notifications of this type to users in the past, though rarely on this geographical scale. These warnings, it says on a separate support page, are primarily designed to thwart “targeted attacks” against civil society figures like journalists, politicians, diplomats and activists by state actors. Apple recommends that all users who receive such notifications update their devices to receive the latest security fixes available and practice strong cyber hygiene.
According to Apple, a mercenary spyware attack is typically associated with state actors using malware designed by private companies like the creator of the notorious ‘Pegasus’ spyware, NSO Group. Discovered in 2016, Pegasus spyware and other strains like it can remotely extract multimedia from an infected phone and monitor its camera and microphone even when the device appears to be off. Though it remains difficult to definitively attribute breaches associated with this type of malware to a specific government or group, said the firm, “Apple threat notifications are high-confidence alerts” based on internal threat intelligence assessments and investigations.
Pegasus infections continue
Though Apple has issued several threat notifications a year since 2021 across 150 countries, the geographic scale of its latest alert is unusual. The last notable alert was issued in October 2023, when Apple sent threat notifications to an unknown number of politicians in India. This immediately led to allegations from the opposition Congress Party that the government was spying on leading opposition figures. India’s minister for IT, Ashwini Vaishnaw, denied the accusations, stating that the government was investigating the matter and describing the threat notifications as “vague.”
Promoted by NSO Group as a crimefighting tool, Pegasus has been more closely associated with political repression and spying by authoritarian governments and law enforcement agencies since its development in 2011. Though banned in some countries, infections continue to be discovered. In February, for example, two members of a European Parliament defence subcommittee were targeted with Pegasus software by an unknown third party. Apple itself was forced to issue an emergency software update in September 2023, when it was revealed that Pegasus could be injected into iPhones remotely using a zero-day vulnerability in its iOS operating system.