Thursday, April 11, 2024

Apple Alerts Users to Mercenary Spyware Attacks

Manish Singh (via Hacker News, MacRumors, Reddit):

Apple sent threat notifications to iPhone users in 92 countries on Wednesday, warning them that they may have been targeted by mercenary spyware attacks.


Apple previously described the attackers as “state-sponsored” but has replaced all such references with “mercenary spyware attacks.”


Apple threat notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, likely because of who they are or what they do. Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.

According to public reporting and research by civil society organizations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group. Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total.


Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously. We are unable to provide information about what causes us to issue threat notifications, as that may help mercenary spyware attackers adapt their behavior to evade detection in the future.


Update (2024-04-12): Howard Oakley:

The majority of emails and almost all messages purporting to be from Apple are scams.


With one notable exception, Apple doesn’t know whether your Mac or devices have any malware, and can’t tell you if they do. Any message that tries to tell you otherwise is phishing or scam.


Instead, if you think you have received a threat notification from Apple, sign in to, where you should see confirmation that those messages are genuine.

Update (2024-04-26): Kirk McElhearn and Joshua Long:

Let’s examine the reasons why Apple might legitimately contact you (and how they’ll do so), and how to recognize scams.

1 Comment

And I'm pretty sure has absolutely nothing to do at all with them being forced to open the ecosystem and seeding fear among their users. This is not a FUD exercise nor a panic campaign, because they're not sending those messages to unemployed students:
