For protection against spyware, Apple advises iPhone owners to update their software, create strong passwords with two-factor authentication, and avoid opening links or attachments from shady communications.

On April 10, Apple sent a danger message to 92 nations’ iPhone customers, stating that a mercenary malware attack was targeting their devices. Senders of the warning were informed that the attackers were trying to “remotely compromise” their phone and that they were probably being targeted especially “because of who you are or what you do.” The notice was delivered at 12:00 p.m. Pacific Time. The accused attackers and the recipients’ locations were not disclosed in Apple’s statement.

On their dedicated support page, Apple advised iPhone customers who have gotten the alert about the mercenary malware attack to seek professional cybersecurity assistance.

Which was the subject of Apple’s most recent threat alert?

Both TechCrunch and Reuters have viewed the email. It is said to say:

“Apple has discovered that the iPhone linked to your Apple ID -xxx- is under attack from mercenary spyware, which aims to remotely compromise the device.

Because of who you are or what you do, you are probably the specific target of this attack. Please take this warning carefully, since Apple has great confidence in its ability to detect such assaults, even though it is never possible to be 100% certain.
We regret notifying you that further details on the reason for this message cannot be shared since they could aid mercenary spyware attackers in changing their tactics to avoid detection in the future.

“Compared to typical cybercrime activity or consumer malware, mercenary spyware attacks—like those that use Pegasus from the NSO Group—are extremely unusual and far more sophisticated.”

Apple claims that the message also offered precautions users might take to safeguard their device, such as turning on Lockdown Mode, which limits access to specific websites, apps, and functionalities in order to reduce the area that spyware can target.

What is an attack using mercenary spyware?

A mercenary spyware attack is when spyware, which is malicious software installed on a target device by a third party for the aim of spying, is released. In order to obtain the necessary sensitive information or carry out surveillance without the sponsor’s direct involvement, this business acts on behalf of a paying customer.

Usually, phishing or other sneaky behaviors allow malware to enter a system through software weaknesses. After installation, it can track whereabouts, intercept passwords, access data, and even take remote control of the device, in addition to monitoring communications via texts, phone calls, and emails. The operator can receive any data that is gathered in secret.

Any internet-connected gadget can be used to install spyware which will operate without notifying the user. Without comprehensive forensic investigation, it is very challenging to determine whether a device has been compromised.

As per the Apple support page, these kinds of specifically targeted attacks “have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group.”

Apple went on to say that mercenary spyware attacks “cost millions of dollars” to launch since very large resources are being deployed against a small group, making them “vastly more complex” than ordinary malware attacks.

Which alerts is Apple sending out?

As per Apple’s statement, the purpose of its threat notifications (as seen in Figure A) is to provide users with information and support regarding potential mercenary malware attacks against them. The alerts may not always indicate that spyware has been installed successfully on the user’s device.

Any device on which a user has logged in with their Apple ID will notify them if there is reason to believe they are being targeted. There’s a notification at the top of the appleid.apple.com webpage, and messages can be delivered via iMessage and email.

The IT giant added that in order to identify mercenary spyware attacks, it used “internal threat-intelligence information and investigations.” However, it is not possible to identify the precise trigger of a threat notification because doing so “may help mercenary spyware attackers adapt their behavior to evade detection in the future.”

Apple clarified that although its investigations “can never achieve absolute certainty,” the threat notifications are “high-confidence alerts” indicating that a device has been the subject of a spyware assault.

“In many cases these forensic checks have confirmed that the devices of people who had received the notifications were indeed targeted and compromised with advance spyware,” stated Amnesty International, citing forensic tests carried out on devices that had received such notifications by them and other civil society organizations.

When did Apple start sending threat notifications?

According to Apple, the company has been sending threat alerts like this since 2021 and does so multiple times a year. To date, users in 150 countries have been notified of a similar attack.

The last time Apple sent out a threat notification was on October 31, 2023, and it was received in multiple countries. The recipients were notified that they were being targeted by “state-sponsored attackers”; since then, Apple no longer uses the state-sponsored term in its threat notification policy, as reported by Reuters. In December 2023, Amnesty International revealed that the Israeli surveillance firm NSO Group was behind the October attack after deploying the spyware Pegasus on journalists.

Apple’s recommendations for customers to safeguard their gadgets from malicious software

According to research, 97% of executives today access work accounts via personal devices; for the C-suite, that number rises to 99%. Employees must take precautions to make sure their device is safe because this opens a backdoor for thieves to use spyware to access critical corporate data.

Apple gives all users the following guidance on how to defend themselves against malware of all kinds:

Update software on devices to the most recent version; this will include security updates.
Use a passcode to secure gadgets.
For your Apple ID, make sure to use a strong password and two-factor authentication.
Install software from the App Store.
When using a password online, be sure it’s strong and distinct.
Avoid clicking on attachments or links from senders you are not familiar with.

https://youtu.be/ta8bZiUImec?si=HiodkL96g0406yHy