Apple warns iPhone users in 100 countries that they are victims of spyware


Apple has notified iPhone users in 100 countries that their devices have been infected with spyware, implying that it may be NSO’s Pegasus.

The company has warned victims to take it seriously, and to immediately take a number of security actions in response. One of the recipients has shared almost the entire message, the first time I can recall seeing more than a brief excerpt …

Apple alerts spyware victims

Our NSO guide explains the background to the main iPhone spyware used for these attacks. The tl;dr version is that the Israeli company makes Pegasus spyware to compromise iPhones, and sells it to governments – without being too picky about which ones. In many countries, attacks have been made against journalists, political opponents, human rights activists, lawyers, and more.

Apple of course seeks to block this spyware each time a new version is detected, but the sophistication of the attacks can make this difficult.

Apple introduced a new level of protection back in 2021. It added code to iOS which aims to detect when an iPhone has been compromised even when the specific attack mechanism is unknown. Apple then sends alerts to victims.

Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent.

Victims are alerted by iMessage, email, and a notification on the Apple ID website.

Victims in 100 countries alerted this week

TechCrunch reports that Apple has this week sent spyware alerts to victims in 100 countries. While only two people have as yet identified themselves, Apple’s message includes the reference to the number of countries involved.

One of the victims, Dutch right-wing activist Eva Vlaardingerbroek, shared almost the entirety of the message from Apple, which you can read below.

The company doesn’t specify the spyware, but does specifically reference Pegasus as an example.

9to5Mac’s Take

Apple’s ability to detect signs of a spyware attack even when the mechanism is unknown is a powerful defence against these attacks. The company is careful to reveal nothing about how it is able to detect a compromised phone, to prevent companies like NSO attempting to evade this detection.

The text of Apple’s alert

You can read here what Vlaardingerbroek says is most of the message from Apple:

ALERT: Apple detected a targeted mercenary spyware attack against your iPhone

Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning – please take it seriously.

Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware. These attacks cost millions of dollars and are individually deployed against a very small number of people, but the targeting is ongoing and global. Since 2021, we have sent Apple threat notifications like this one multiple times a year as we detect mercenary spyware attacks.

Today’s notification is being sent to targeted users in 100 countries, and to date we have notified users in over 150 countries in total. The extreme cost, sophistication, and worldwide nature makes mercenary spyware attacks some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or the notice you’re receiving to any specific attackers or geographical regions.

Apple recommends that you immediately take these actions:

Enable Lockdown Mode right now on your iPhone in Settings > Privacy & Security > Lockdown Mode. This feature takes only a moment to turn on and offers the strongest protection for users like you who are individually targeted by the most sophisticated digital threats.

Update your iPhone to the latest software version, iOS 18.4.1, if you haven’t already. We urge you to always update to the latest software as soon as it’s available, as it contains the latest security protections. To update, go to Settings > General > Software Update.

Update any other Apple devices you use to the latest software. Enable Lockdown Mode on each Mac and iPad you use. You will only need to do this once for each device.

Update your messaging and cloud apps to the latest available versions, as they contain the most up-to-date security improvements.

Enlist expert help, such as the nonprofit, rapid-response emergency security assistance provided by the Digital Security Helpline, which is available 24 hours a day, seven days a week. For contact information, please see support.apple.com/102174.

Some mercenary spyware attacks require no interaction from you, and others rely on tricking you into clicking a malicious link or opening an attachment in an email, SMS, or other message. These attempts can be quite convincing, ranging from fake package-tracking updates to custom-crafted, emotional appeals claiming a named family member is in danger. Be cautious with all links you receive, and don’t open any links or attachments from unexpected or unknown senders.

Mercenary spyware attackers are often persistent and will likely also try to target you through other channels, devices, and accounts not associated with Apple. Experts can provide the best advice for your specific circumstance, but if you are unable to reach an expert, as an additional precaution, change your passwords for any sensitive websites and services that you have accessed from your iPhone. If these attacks were successful in compromising your iPhone, they may have stolen your credentials for other services.

We are unable to provide more information about what caused us to send you this notification, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future. Apple threat notifications like this one will never ask you to click any links, install an app or profile, or provide your Apple Account password.
