em360tech image

Apple has warned customers around the world that they may have fallen victim to ‘mercenary spyware attacks' that allow hackers to 'remotely compromise' their iPhones.

In a  notification email, sent to users in 92 countries, the tech giant informed users that hackers have tried to "remotely compromise the iPhone," on multiple occasions, warning users to enter "lockdown mode" to keep their devices secure. 

"Apple detected that you are being targeted by a mercenary spyware attack," the email read, "this attack is likely targeting you specifically because of who you are or what you do."

"If your device is compromised by a targeted mercenary spyware attack, the attacker may be able to remotely access your sensitive data, communications, or even the camera and microphone," the notification email continued.

Mercenary attacks, compared to other cybercrimes or consumer malware, stand out due to their rarity and complexity. Apple has since set up a help page “to inform and assist users who may have been individually targeted by mercenary spyware attacks.”

Apple's threat notifications function as an early warning system, alerting users who may have been specifically targeted by advanced mercenary spyware. Mercenary spyware deployments involve substantial resources and planning to infiltrate a limited number of high-value targets and their devices.

Read: 5 Ways  to Avoid Malware Attacks on Business Socials

The cost and complexity associated with these targeted attacks make them less frequent but potentially more impactful. The vast majority of users will likely never be targeted by this kind of attack.

Mercenary spyware attacks, while focused on a select group of individuals like journalists, activists, politicians, and diplomats, are a global phenomenon with ongoing activity.

Since 2021, Apple has issued multiple threat notifications annually based on detected attacks, with users in over 150 countries notified to date.

Due to the extreme cost, sophistication, and global reach of these attacks, Apple does not attribute them to specific attackers or geographical regions.

Apply Spyware Attack Threat Notification

If you have been targeted by this attack Apple will let you know either by a Threat Notification that will displayed at the top of the page after the user signs into their Apple ID account or via email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

This notification will then walk users through additional steps that can be taken to help protect devices. Users may be prompted to have their device enter ‘lockdown mode’.

apple spyware threat notification
Apple iPhone Threat Notification shared online.

Apple describes ‘lockdown mode’ as ‘an optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats’. 

Enabling Lockdown Mode on Apple devices prioritizes security by restricting some functionalities. This includes blocking most message attachments, limiting web browsing features, and restricting calls and features in FaceTime.

Sharing on Apple services like Photos and connecting to devices become more secure but require additional user confirmation. Additionally, automatic connections to unsecured Wi-Fi networks are disabled, and some cellular connectivity options are limited.

Read: Biggest Cyber Attacks in History

When using an iPhone ensure you have the basic safety features covered. Regularly update your IOS to ensure you have the most recent security patches to combat new threats.

Next, create a strong and unique password for each of your accounts. Resist the urge to reuse passwords, and consider using a password manager to generate and store complex ones.

Whenever available, enable multi-factor authentication. This adds an extra layer of security by requiring a second verification code, alongside your password, when logging in.