Apple has issued a new spyware warning to iPhone users in 92 countries, after it found they had been targeted in attacks. Apple users were alerted to the attacks via a notification email seen by Reuters.
In India and 91 other countries, victims of the spyware attack were informed that adversaries had attempted to “remotely compromise the iPhone.”
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the alert reads.
“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning—please take it seriously.”
The new iPhone attack apparently aimed to install the malicious software on the device to spy on a user’s data and location. Apple has sent these emails before, with multiple alerts going out to over 150 countries since 2021, according to the email sent out by the iPhone maker.
Apple did not disclose where the attack came from, but spyware attacks are typical of nation-state actors. In 2021, Apple sued Israeli firm NSO Group for its part in attacks on iPhone users.
Why Apple Issues Regular iPhone Updates
Over the last few years, Apple has issued an increasing number of iOS updates to address holes that could have been used for spyware attacks. Some of these come as emergency security updates, especially when an iPhone flaw is already being used in attacks.
Spyware attacks are scary because the malware can be delivered in a so-called zero-click attack which requires no interaction from an iPhone user. One example is a malicious image that can be sent over iMessage or WhatsApp.
If iPhone spyware attacks such as these are successful, they allow adversaries to completely take over the device. Attackers can listen in to calls, read emails—and even access apps such as WhatsApp and Signal, because they can see everything on your iPhone’s screen.
New iPhone Spyware Warning—What To Do
This might sound worrying, but spyware attacks only target a specific subset of users, usually journalists, dissidents, government workers and businesses operating in certain sectors. If this applies to you, Apple has introduced Lockdown Mode to use on your iPhone. It does reduce your iPhone’s functionality, but it’s worth it if you fall into this group and might be at risk.
“These are likely to be highly targeted attacks, on specific people, so ordinary iPhone users don’t have anything to be too concerned about,” says Sean Wright, head of application security at Featurespace.
Even so, he recommends all iPhone users apply security best practices. “Ensure that you apply the latest update, only install apps from trusted sources and apply some scrutiny to those apps—such as reviewing the permissions.”
Other tools such as VPNs “may have some limited benefit,” Wright says. “It will largely depend where the attack is from and how the new spyware works, for example if it scrapes the data before network traffic is transmitted and received.”
Spyware has increasingly targeted iPhone users over the last few years, with famous iterations including Pegasus and, more recently, Reign.
Signs your iPhone may have been targeted by spyware include slowing of the device, a fast-draining battery, or overheating. Aside from changes to the way your iPhone is working, an orange or green dot could be a sign your device has been taken over. Apple shows an orange dot when the mic is in use and a green dot when the camera is on. This could be legitimate if you are on the phone or a video call, but if your iPhone is not in use, look into it ASAP.
If you do suspect spyware is on your iPhone, in some cases turning it off can disrupt the malware temporarily.
If you have received the alert from Apple, you can contact human rights organization Amnesty International’s Security Lab, which offers digital forensic support to at-risk human rights defenders, activists, journalists and members of civil society.
“If you are a member of civil society, and you have received an Apple notification, you can contact us and request forensic support using our Get Help form,” a notice on Amnesty International’s website reads.
Experts recommend that if you do find spyware, you back up your iPhone first to preserve evidence before taking steps to address it.
Experts Have Their Say
More experts have weighed in on Apple’s recent spyware alerts, with Javvad Malik, lead security awareness advocate at KnowBe4, calling the notification from Apple “particularly alarming, when looking at the scale and precision of this campaign.”
“When a company like Apple, known for its robust security measures, raises an alarm across 92 countries, it underscores not just the sophistication, but the audacity of these attackers,” he says.
The phrase “mercenary spyware attack” stands out as important, says Malik. “This isn’t about broad nets cast wide in the hope of catching unsuspecting users. It’s a clear, sharp spear aimed with precision with tools that are now available to the highest bidder, regardless of their motives.”
This makes it particularly important for individuals in positions of influence or with access to sensitive information to be vigilant about their digital security, says Malik. “Apple’s proactive stance in notifying affected users and the broader public is commendable.”
However, Brian Higgins, security specialist at Comparitech, thinks the iPhone maker should have offered more help to affected users. “It’s rather a disappointing buck-passing exercise for Apple to direct them to a third party, non-profit security helpline, given the history of implications for individual targets in previous incidents. You’d think as proprietors of a vulnerable platform, they would offer to help out themselves.”
Apply iOS Updates To Address Spyware
Overall, every iPhone user should ensure their iOS software is up to date—the latest version is iOS 17.4.1. Apple might also release a new iOS update to patch the holes used for this latest spyware attack, or the iPhone maker might have even patched it already.
—
Update 04/12 07:30am EST. This article was first published on 04/11 at 07:31am EST. Updated to include more information about finding and mitigating spyware and to add expert analysis.