Apple Warns iPhone Users of ‘Mercenary Spyware’ Attack in 92 Countries

Apple has warned users in several countries that they might have been the target of a mercenary spyware attack. The alert was issued to iPhone owners in 92 countries and the company has not attributed these attacks to specific groups and has not revealed a list of countries where users were alerted. Meanwhile, the iPhone maker has also updated its support document with details on how these threat notifications work, along with information for users who might have been targeted by mercenary spyware attacks.

The company has warned users in 92 countries that their iPhone might have been targeted with mercenary spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company says in the email sent out to users on April 10 at 12pm PT (12:30am IST on Thursday) viewed by Gadgets 360.

The email informs users asks users to take the warning seriously, adding that that Apple has “high confidence” in the warning — even though it is never possible to achieve absolute certainty when detecting such attacks. Apple’s email also states that it has notified users in 150 countries to date, and the company does not attribute these targeted spyware attacks — including those using software like Pegasus developed by NSO Group — to specific attackers or geographic regions.

Apple has advised users who received the threat notification email to enable Lockdown Mode on their iPhone — a special mode that reduces the avenues for spyware attacks by disabling several features. Users are also advised to update to iOS 17.4.1 and keep other devices, messaging, and cloud apps updated. Users targeted by mercenary spyware are also advised by Apple to enlist expert guidance.

An example of the threat notification displayed on the Apple ID website
Photo Credit: Apple

The company also updated its support document related to threat notifications on Wednesday, explaining how these mercenary spyware attacks work. Once the company detects activity that appears to be consistent with a mercenary attack, it sends an email and iMessage notification to users on their Apple ID-associated email and phone numbers, respectively. Users who sign in to the Apple ID website will also see a Threat Notification banner at the top of the page, according to the support document.

Apple’s threat notifications support page also informs users that Apple threat notifications never ask users to click links, open files, install apps, and send their Apple ID password or verification code over the phone or via email, to protect them from fraudulent emails pretending to originate from Apple — the latest threat notification doesn’t include clickable links and asks users to type in addresses that are separated by spaces.


Affiliate links may be automatically generated – see our ethics statement for details.

Comments (0)
Add Comment