Apple Inc. has notified iPhone users in 92 countries that their devices were likely targeted by mercenary spyware.
The company alerted affected individuals via email and iMessage on Wednesday afternoon. “Apple has determined that you are being targeted by a secondary attack that attempts to remotely compromise the iPhone associated with your Apple ID,” the alert said.
The company did not disclose how many users were affected or where they were located. According to TechCrunch, some of the affected people are in India. Apple announced this week that it has distributed Mercenary spyware alerts to users in more than 150 countries since 2021.
Around the same time the company sent out this week’s round of notifications, it updated its Support Articles on the subject. The page states that Apple’s definition of mercenary spyware attacks includes state-sponsored hacking campaigns. The company cites hacker attacks using the Pegasus malware from NSO Group Ltd. as an example of such an attack.
At least some versions of Pegasus targeted victims via iMessage. According to researchers at Google LLC, these versions spread via a malicious message that can be activated even if the user does not click on it. Once it infects a device, Pegasus covers its tracks by deleting files on the victim’s iPhone that could be used to detect the attack.
In 2021, Apple updated iOS with a cybersecurity mechanism called BlastDoor to make iMessage more secure. Accordingly 9to5MacThe feature opens messages in an isolated sandbox from which malicious code cannot spread. The sandbox isolates iMessage from both other apps and the underlying operating system.
Last year, researchers discovered a new version of Pegasus that managed to bypass BlastDoor. To do this, the malware exploited a vulnerability in HomeKit, an iOS framework that allows users to configure smart home devices with their iPhones. Pegasus used HomeKit to crash a key component of BlastDoor, making it easier to spread malware via iMessage.
Apple released a patch for the error shortly after the error became known. Additionally, the company has developed a second cybersecurity feature called Lockdown Mode, also designed to protect users from mercenary spyware. The feature reduces an iPhone’s attack surface by disabling software features that can be used by hackers to spread malware.
“Apple relies solely on internal threat intelligence and investigations to detect such attacks,” the company said in spyware alerts it distributed this week. “Although our investigations can never achieve absolute certainty, Apple’s threat notifications are very trustworthy warnings that a user is individually affected by a mercenary spyware attack and should be taken very seriously.”