
Apple sends new warning about mercenary spyware attacks to iPhone users. Should you worry now?

Although mercenary spyware attacks are rare and typically aimed only at targeted individuals, Apple has alerted iPhone users about them for the second time in 2024.
Written by Lance Whitney, Contributor

Apple is sounding a new round of alarm bells over a wave of sophisticated and destructive spyware attacks against specific people across 92 countries. As spotted by TechCrunch on Wednesday, Apple sent an email warning individuals in the crosshairs that they "are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID." The email also listed the specific ID for each individual who received it.

The email explained that the attack is likely targeting each potential victim because of who they are or what they do.

"Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning -- please take it seriously," Apple added in its message.

This is the second such warning that Apple has issued in 2024. In April, the company sent out a similar alert to targeted iPhone users, cautioning them about mercenary spyware attacks directed against them. At the same time, Apple updated its support page on threat notifications and mercenary spyware. The page explains how mercenary spyware attacks work, how Apple will alert its users if they're the victims of such an attack, and what to do if you're targeted by this kind of attack.

Image: Apple's warning about a mercenary spyware attack (credit: Apple)

So just what is a mercenary spyware attack, and should the average iPhone user be concerned? On the one hand, most iPhone users will never be targeted by these types of attacks. On the other hand, such an attack could prove devastating for you, since a successful attacker can remotely control your device and steal sensitive data from it.

Typically carried out by, or on behalf of, nation states, such attacks are usually launched against individuals with specific roles in society, such as journalists, activists, politicians, and diplomats. The goal is often to strike back at someone because of what they did or said, especially if it runs afoul of a government, a political leader, or another type of authority.

More advanced and complex than your average cybercrime, a mercenary spyware attack usually targets a few people. The attacks can still cost millions of dollars, according to Apple, and are often short-lived, creating a challenge for anyone attempting to detect and stop them. While these attacks are rare, Apple has sent out threat notifications multiple times per year since 2021, notifying people in more than 150 countries.

"It's really important to recognize that mercenary spyware, unlike others, is deliberately designed with advanced capabilities, including zero-day exploits, complex obfuscation techniques, and self-destruct mechanisms, making it highly effective and hard to detect," Krishna Vishnubhotla, VP of product strategy at mobile security provider Zimperium, told ZDNET back in April. "Operating in stealth is key to its success. The developers of mercenary spyware go to great lengths to remove any clues that might link the software back to them or their clients."

Probably the best known spyware for these types of attacks is Israel-based NSO Group's Pegasus, which has been used in mercenary spyware campaigns against noted journalists, politicians, and other individuals. The NSO Group typically skirts any responsibility, claiming that the firm sells Pegasus only to intelligence and law enforcement agencies and that Pegasus can only be used against terrorists and criminals.

Apple and other companies have nevertheless sued the NSO Group for its role in state-sponsored attacks. Apple has also been forced to create and deploy bug fixes for the iPhone, iPad, Mac, and Apple Watch to shore up vulnerabilities exploited by Pegasus.

Although such attacks are often state-sponsored, Apple removed that term from its alert and from the latest update to its support page, after facing pressure from the Indian government about linking such breaches to state actors, a source with direct knowledge told Reuters. The support page does, however, still state that "individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors."

How would you know if you're being targeted by a mercenary spyware attack? If Apple determines that you're a potential victim, you'll receive an email and a text message with an alert. A threat notification will also appear at the top of your Apple ID page after you sign in.

Apple suggests that all iPhone users take the following steps to protect themselves from spyware and similar threats:

  • Protect your device with a passcode.
  • Safeguard your Apple ID with two-factor authentication and a strong, secure password.
  • Update your device to the latest OS version, which usually includes the newest security fixes.
  • Install apps only from the App Store.
  • Use strong and unique passwords for all your online accounts.
  • Don't click on links or attachments from unknown senders.

You can also protect yourself against such attacks by turning on Lockdown Mode, which disables or limits key features and settings to prevent spyware from stealing sensitive data. In the event of an attack, Apple recommends that you also reach out to experts, such as the rapid-response emergency security assistance offered by the Digital Security Helpline at the nonprofit group Access Now.
