In April 2024, we reported how Apple was warning people of mercenary attacks via its threat notification system. At the time it warned users in 92 countries. In a new round, Apple is now warning users in 98 countries of potential mercenary spyware attacks.
The message sent to the affected users says:
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.”
In the same message, Apple says that it is very likely that the person in question is being specifically targeted because of what they do or who they are. And, although there is a certain margin of error, the user should take this warning seriously.
Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like Pegasus. Pegasus is one of the world’s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices.
On the website that explains Apple threat notifications and protection against mercenary spyware, it specifically mentions Pegasus:
“According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group.”
Apple has sent out similar notifications multiple times a year since 2021 but doesn’t disclose how it determines who to send them to, since that might aid attackers in evading future detection.
Amnesty International urges those that have received such a notification to take it seriously. Amnesty’s Security Lab offers digital forensic support to potential victims like human rights defenders, activists, journalists and members of civil society.
If you are a member of civil society, and you have received an Apple notification, you can contact Amnesty International and request forensic support using the Get Help form.
Whether you’ve received that notification or not, every iPhone user should make sure they have the latest updates, protect the device with a passcode, use multi-factor authentication and a strong password for Apple ID, only install apps from the App Store, use a mobile security product, and be careful what they open or tap on.
People who have reason to believe they might be individually targeted by mercenary spyware attacks can enable Lockdown Mode on their Apple devices for additional protection.
Lockdown Mode does the following:
- Blocks most message attachments
- Blocks incoming FaceTime calls from people you have not called previously
- Blocks some web technologies and browsing features
- Excludes location from shared photos and removes Shared Albums
- Blocks wired connections when the device is locked
- Blocks auto-joining non-secure WiFi networks
- Blocks incoming invitations from people you have not previously invited
- Blocks installation of configuration profiles you may require for work or school
How to turn on Lockdown Mode on iPhone or iPad
- Open the Settings app.
- Tap Privacy & Security.
- Scroll down, tap Lockdown Mode.
- Tap Turn On Lockdown Mode.
- Read what it does and tap Turn On Lockdown Mode if that is what you want.
- Tap Turn On & Restart, then enter your device passcode.