Apple Flags "Mercenary Spyware" Threat To Users In 92 Nations, India Is One

Such attacks, Apple said, have "historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus"

New Delhi: 

Months after several Opposition leaders claimed that they received messages warning of "state-sponsored" hackers trying to access their iPhones, the tech giant has sent out a "mercenary spyware" alert to its users in 92 countries, including India. The notification was sent out late last night.

An Apple statement on the notification also mentions Pegasus spyware, which raised a political storm in 2021 over allegations that Opposition leaders were among those snooped on. Following Pegasus developer NSO group's statement that its clients are only vetted governments and their agencies, the Opposition had asked the Centre to come clear on the issue. A Supreme Court panel did not find the spyware in the phones of the 29 complainants in the case.

The Apple statement says the notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, "likely because of who they are or what they do".

"Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks," it said.

Such attacks, Apple said, have "historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group".

"Though deployed against a very small number of individuals - often journalists, activists, politicians, and diplomats - mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total," it said.

How Apple Notifies Users

Detailing how it notifies users suspected to be under a mercenary spyware attack, the tech giant said, "A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com. Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user's Apple ID."

The notifications, it said, provide additional steps that users can take to help protect their devices, including enabling a "Lockdown Mode".

Apple said it relies on internal threat-intelligence information and investigations to detect such attacks. "Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously."

What To Do

An Apple threat notification mail accessed by NDTV lists what's to be done if a user has received such an alert. "Apple recommends that you immediately take these actions: enable Lockdown Mode right now on your iPhone in Settings > Privacy & Security > Lockdown Mode. This feature takes only a moment to turn on and offers the strongest protection for users like you who are individually targeted by the most sophisticated digital threats.