Tech | Visa | Scholarship/School | Info Place

Apple warns iPhone users about hired spyware attacks

Apple sent a threat notification to iPhone users in 92 countries on April 10, informing them that their devices were “the target of a hired spyware attack.” The alert, sent at 12:00 PM PT, tells recipients that attackers are trying to “remotely compromise” their phones and that they are likely to be specifically targeted “because of who you are or what you have done.” Apple’s notification did not name the alleged attacker or specify the location of the recipient.

Apple said on its dedicated support page that iPhone users who receive alerts about the Mercenary spyware attack should seek help from cybersecurity experts.

What does Apple’s latest threat notification say?

The email message has been seen by TechCrunch and Reuters. It reportedly wrote:

“Apple has detected that you are being targeted by a hired spyware attack that attempts to remotely compromise the iPhone associated with your Apple ID -xxx-,

“It is very likely that this attack was specifically targeted to you because of who you are or what you have done. While it is never possible to achieve absolute certainty in detecting such attacks, Apple is confident in this warning – please take it seriously.”

“We are unable to provide additional information about what led us to send you this notification, as this may help hired spyware attackers adapt their behavior to evade detection in the future.

“Spyware-for-hire attacks, such as those using NSO Group’s Pegasus, are extremely rare and much more sophisticated than conventional cybercrime campaigns or consumer malware.”

According to Apple, the notification also includes steps users can take to protect their devices, including enabling Lockdown Mode, in which certain apps, websites, and features are restricted to reduce the spyware attack surface.

What is a mercenary spyware attack?

Spyware-for-hire attacks occur when a third-party entity deploys spyware (malware used for surveillance purposes) onto a target device. The entity does this on behalf of paying customers with the intent of collecting required sensitive information or conducting surveillance without the direct involvement of its sponsors.

Spyware typically infiltrates devices through software vulnerabilities or through deceptive practices such as phishing. Once installed, it can monitor communications such as emails, text messages, and phone calls, track locations, steal passwords, access files, and even remotely control devices. Any data collected can be sent to the operator confidentially.

look: New GoFetch vulnerability in Apple M chips leads to key leaks on infected computers

The spyware will run without alerting the user and can be deployed on any device connected to the internet. Without detailed forensic analysis, it’s difficult to know whether a device has been infected.

According to the Apple support page, individual targeted attacks of this nature “have historically been associated with state actors, including private companies developing spyware for hire on their behalf, such as NSO Group’s Pegasus.”

Apple added that mercenary spyware attacks are “much more sophisticated” than typical malware attacks and cost “millions of dollars” to deploy due to the large amount of resources used to target a small group of people.

What are Apple’s threat notifications?

Apple says its threat notification (Figure A) “Intended to inform and assist users who may be the target of hired spyware attacks.” These notifications do not necessarily mean that spyware has been successfully implanted on a user’s device.

Figure A

Screenshot of a threat notification appearing on the Apple ID website.
Screenshot of a threat notification appearing on the Apple ID website.Image: Apple

If a user is suspected of being targeted, they will receive a notification on any device signed in with their Apple ID. Messages are sent via email and iMessage, and notifications appear at the top of the web page.

The tech giant said it uses “internal threat intelligence information and investigations” to detect spyware-for-hire attacks, but could not reveal exactly what triggered the threat notification “as this may help spyware-for-hire attackers tailor their behavior to Evade future detection.”

Apple added that threat notifications are “high-confidence alerts” that a device has been targeted by spyware, but that its investigation “can never reach absolute certainty.”

According to Amnesty International, they and other civil society groups have conducted forensic tests on devices that have received such notifications, reporting: “In many cases, these forensic examinations have confirmed that the devices of people who have received notifications have indeed been compromised. Attack targeting and damage. Advanced spyware.”

When will Apple start sending threat notifications?

According to Apple, the company has been sending such threat alerts since 2021 and does so multiple times a year. To date, users in 150 countries have been notified of similar attacks.

Apple last issued a threat notification on October 31, 2023, and multiple countries/regions received the notification. Recipients were informed that they were being targeted by “state-sponsored attackers”; since then, Apple has stopped using the term state-sponsored in its threat notification policy, Reuters reported. In December 2023, Amnesty International revealed that Israeli surveillance company NSO Group was behind the October attacks after deploying the spyware Pegasus to journalists.

Apple’s recommendations for users to protect their devices from malware

The study found that 97% of executives now access work accounts through personal devices, with this number increasing to 99% among C-suite executives. This creates a backdoor for cybercriminals to access sensitive corporate data via spyware, so employees must take steps to keep their devices secure.

look: Mobile device security policy (Technology Republic Advanced Edition)

Apple provides the following recommendations to all users to help protect themselves against all types of malware:

  • Update your device to the latest software, as it includes the latest security fixes.
  • Protect your device with a password.
  • Use two-factor authentication and a strong password for your Apple ID.
  • Install the app from the App Store.
  • Use strong, unique passwords online.
  • Don’t click on links or attachments from unknown senders.

#Apple #warns #iPhone #users #hired #spyware #attacks

Leave a Reply

Your email address will not be published. Required fields are marked *