Apple warns iPhone users in 92 countries to beware of ‘spyware-for-hire’ attacks

Apple has warned users in several countries that they may be the target of hired spyware attacks. The alert was sent out to iPhone users in 92 countries, and the company did not attribute the attacks to a specific group or disclose the list of countries where users were alerted. Meanwhile, the iPhone maker has also updated its support documentation with details on how these threat notifications work, as well as information about users who may be targeted by the mercenary spyware.

The company has warned users in 92 countries that their iPhones may have been targeted by hired spyware. The company said in an email to users at 12 noon (12:00 PT) on April 10, “Apple has detected that you are being targeted by a hired spyware attack that is attempting to remotely compromise Apple devices related to you. ID -xxx- associated iPhone”. 30am IST on Thursday) Viewed by Gadgets 360.

The email notifies users, asking them to take the warning seriously, adding that Apple has a “high degree of confidence” in the warning – although absolute certainty can never be achieved in detecting such an attack. Apple’s email also noted that it has notified users in 150 countries so far and that the company has not attributed these targeted spyware attacks, including those using software like Pegasus developed by NSO Group to specific attackers or geographic areas.

Apple recommends users who receive threat notification emails to enable Lockdown Mode on their iPhones, a special mode that reduces avenues for spyware attacks by disabling several features. Users are also advised to update to iOS 17.4.1 and keep other devices, messaging and cloud apps updated. Apple also advises users who are targeted by hired spyware to seek expert guidance.

An example of a threat notification displayed on the Apple ID website
Photo credit: Apple

The company also updated its Supporting documents Related to Wednesday’s threat notification is an explanation of how these spyware-for-hire attacks work. Once the company detects activity that appears consistent with a mercenary attack, it sends email and iMessage notifications to users via the email and phone numbers associated with their Apple IDs, respectively. According to the support document, users logged into the Apple ID website will also see a threat notification banner at the top of the page.

Apple’s threat notification support page also informs users that Apple threat notifications will never ask users to click a link, open a file, install an app, and send an Apple ID password or verification code by phone or email to protect them from fraudulent electronic mail impersonators. The email compromise comes from Apple – the latest threat notification does not contain a clickable link and requires users to enter a space-delimited address.