
MacRumors

macrumors bot
Original poster
Apr 12, 2001
67,449
37,653


Apple on Wednesday sent threat notifications to users in 92 countries warning that they may have been targeted by mercenary spyware attacks, likely because of who they are or what they do.


According to TechCrunch, Apple sent the alerts to the individuals at 12 p.m. Pacific Time, delivered via email and iMessage using the contact details associated with the user's Apple ID. A notification also appears at the top of the page if the user signs into appleid.apple.com.

"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-," the company wrote in the warning to affected customers. "We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future."

"This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously," added the warning.

In an updated support document, Apple said it has sent similar threat notifications to users in over 150 countries since 2021. "The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today," said the company. "As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions."

Last October, Apple sent similar warnings to some journalists and politicians in India. Soon after, nonprofit advocacy group Amnesty International reported that it had found Israeli cyber-arms company NSO Group's invasive spyware Pegasus on the iPhones of prominent journalists in India. Users in India are among those who received the latest threat notifications, according to people familiar with the matter who spoke to TechCrunch.

The alerts come at a time when many nations are preparing for democratic elections. Apple previously described the attackers as "state-sponsored" in the support document, but has replaced those references with "mercenary spyware attacks." The warning to customers reads: "Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware."

Apple advises those who have received a threat notification to seek expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the nonprofit Access Now. Apple threat notification recipients can contact the Digital Security Helpline 24 hours a day, seven days a week through their website.

Users who have not received an Apple threat notification but have good reason to believe they may be individually targeted by mercenary spyware attacks are advised to enable Lockdown Mode on their devices for additional protection.

Article Link: Apple Warns Users in 92 Countries About Mercenary Spyware Attacks
 
Yesterday, I had a random prompt to validate my Apple ID on my iPad Pro 2nd gen, iPadOS 17.4.1.

I was in a rush, so I just canceled it out. But later noticed my device functioned very slowly. About six hours later I rebooted and performance was restored.

Might be unrelated. Exploits don’t survive a reboot, though.
 
Am I glad I switched to the Samsung S24 and gave up using an iPhone.

My iPhone got badly hacked by that Israeli software 6 months ago. A real nightmare. Had to throw the phone out, it was so badly hacked.

Seems nowadays iPhones get targeted with spyware even worse than Android.
 
Am I glad I switched to the Samsung S24 and gave up using an iPhone.

My iPhone got badly hacked by that Israeli software 6 months ago. A real nightmare. Had to throw the phone out, it was so badly hacked.

Seems nowadays iPhones get targeted with spyware even worse than Android.

Android just doesn’t bother notifying you when you are hacked?
 
I wasn't aware that people are safer on Android or that hacks of this nature are common on iPhone. Thanks for this enlightening information. I will consider myself warned on the dangers of iPhone and its lax security.

btw this is sarcasm in response to some of the replies for those who are already disliking my comment.
 
Pegasus needs a delivery system to infect an iPhone, so it begs the question: what delivery system is being used? Is it email, a website, an iMessage? And more to the point, why isn't Apple making its users aware of what potential delivery system is being used so users can be cautious of that system rather than just say to keep an eye out for Apple's spyware warning?
 
That kind of software is quite expensive to use it to look inside an ordinary person's phone. It could be that there's some bug in iOS that Apple's trying to hide talking about "state-sponsored" hacking. ;)

It could not only be, it is 100% certain. The ability to hack iOS always means that there's a bug that is being exploited. (Unless Apple intends their devices to be hackable.)
 
NSO’s Pegasus doesn't wave a magic wand; it exploits vulnerabilities acquired on the black market or within the company. The less time Apple spends on system stability, the easier it becomes for governments to hack those they consider threats, having full access to everything on the device, including the camera and microphone.

This is not just complaining about bugs; it's complaining about the fact that the device not only works poorly but also is unsafe, especially in discussions about the security of alternative stores.
 
Pegasus needs a delivery system to infect an iPhone, so it begs the question: what delivery system is being used? Is it email, a website, an iMessage? And more to the point, why isn't Apple making its users aware of what potential delivery system is being used so users can be cautious of that system rather than just say to keep an eye out for Apple's spyware warning?

It used to be an SMS with a link you had to click on for it to infect. Later they developed the capacity to infect you with an SMS that didn't need user intervention and even deleted itself before notification, so basically you had no way of knowing. Apple and the various other tech firms have been at war with the spyware industry for years now. That's why zero-day exploits are worth so much money.

Meta took NSO to court in the US for hacking WhatsApp as well...
 
Pegasus needs a delivery system to infect an iPhone, so it begs the question: what delivery system is being used? Is it email, a website, an iMessage? And more to the point, why isn't Apple making its users aware of what potential delivery system is being used so users can be cautious of that system rather than just say to keep an eye out for Apple's spyware warning?

If Apple had known at that point, they would have already closed the exploit. Also, if you are a journalist, I hope you do have Lockdown Mode activated anyway. At least while investigating something sensitive.

It’s a cat and mouse game
 
“We are unable to provide more information about what caused us to send you this notification”

This might be paranoid, but…..
Our spying on you, let us know someone else may be spying on you?

Then again, I guess Apple could see IP addresses from known bad actors attempting to access particular Apple IDs, or some such other strange traffic.

I haven’t had my coffee yet.
 