Apple says to take spyware attack alerts seriously and outlines steps to take to protect your device and data
If you’re an iPhone user, be on high alert. Apple recently sent notifications to users in 92 countries, warning them that they may be targeted by mercenary spyware attacks. This follows a similar notification campaign in October 2023 that focused on “state-sponsored attackers,” according to TechCrunch.
The mercenary spyware warning, sent on April 10, 2024, informs users that their iPhones “are being targeted by a mercenary spyware attack that is trying to remotely compromise” their device, according to a notification viewed by TechCrunch. The notification added, “This attack is likely targeting you specifically because of who you are or what you do.”
While the exact nature of the attacks or the identities of the attackers remain unknown, Apple emphasizes the seriousness of the situation. “Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” the notification reads.
This isn’t the first time Apple has issued such warnings. The company has notified users in over 150 countries about targeted attacks since 2021. It’s important to note that mercenary spyware attacks are typically very expensive and target a small group of individuals, often journalists, activists, politicians, and diplomats.
While Apple hasn’t revealed which countries were included in the latest notification round, sources familiar with the matter told The Economic Times that Indian users were among those targeted. This aligns with Apple’s previous notification to Indian lawmakers in October 2023, which Amnesty International later linked to the Israeli spyware firm NSO Group’s Pegasus software.
While the specifics remain under wraps, Apple’s notification serves as a stark reminder of the ever-present threat of cyberattacks. If you’ve received such a notification, it’s crucial to follow Apple’s recommendations, which likely include changing your Apple ID password and enabling two-factor authentication for an extra layer of security. Apple has also updated its support page to explain threat notifications and what to do if you receive one (please see below).
Staying vigilant and informed about cybersecurity threats is essential for everyone, especially those who may be considered high-value targets. By following Apple’s security recommendations and staying updated on the latest threats, iPhone users can take steps to protect themselves from these sophisticated attacks.
Here’s what to do if you get a warning from Apple about a spyware attack, especially considering these are likely “mercenary spyware attacks” which are very serious:
If Apple detects activity consistent with a mercenary spyware attack, we notify the targeted users in two ways:
- A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode.
Take it seriously: Apple doesn’t send these warnings lightly. This type of spyware is complex and targets specific individuals, so if you receive a warning, you’re likely a high-value target.
Seek expert help: Apple recommends contacting the Digital Security Helpline, a service by Access Now that provides 24/7 emergency assistance in these situations. Outside organisations do not have any information about what caused Apple to send a threat notification, but they can assist targeted users with tailored security advice. Amnesty International’s Security Lab is another resource that can offer guidance.
Enable Lockdown Mode: This is a new feature in iOS that limits certain features and functionalities to reduce the potential attack surface for spyware https://support.apple.com/en-us/102174.
Consider a device wipe: This is a drastic step, but it may be necessary to ensure your device is free of spyware. A security expert can help you weigh the risks and benefits of this option.
Here are some additional things to keep in mind:
Don’t ignore the warning: Even if you don’t think you’re a target, it’s important to take precautions.
Change your passwords: This includes your Apple ID password, as well as any other passwords you use frequently.
Be mindful of what you click on: Phishing emails and malicious links are common ways to spread spyware.
Consider purchasing an ad blocker:
TechCrunch also suggests ad blockers as a defence against spyware, including government-made spyware, that can be delivered through malicious ads. Here are the key takeaways:
Spyware makers are using ads to target individuals: Advertisers can inject spyware into seemingly normal ads. If a user clicks on the ad or visits a compromised website, their device can be infected.
Ad blockers can help prevent these attacks: Ad blockers stop these malicious ads from loading, making it more difficult to be infected with spyware this way.
Security experts recommend ad blockers: The FBI and security researchers advise using ad blockers as a security measure.