Apple has issued a new round of threat notifications to iPhone users in 98 countries, alerting them to the rising threat of mercenary spyware attacks.
This is the second alert campaign from the tech giant this year, following a similar notification sent to users in 92 countries in April.
Since 2021, Apple has been consistently warning users in over 150 countries about these security threats.
The latest warnings reveal how these unending malicious actors exploit vulnerabilities in iPhone devices. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” reads the company’s notification to affected users.
The attacks are personalised in nature and are often aimed at specific individuals based on their identity or occupation.
The new twist in Apple’s approach is the characterisation of these attacks as “mercenary spyware” rather than the previously used term “state-sponsored.”
This shows the evolving nature of cyber threats, where private groups, often operating for profit, deploy sophisticated spyware against high-value targets.
The Phobos ransomware group has been notably active in these, with reports of attacks on various sectors, including government agencies, financial institutions, healthcare services, and NGOs.
One outstanding aspect of this latest alert is the inclusion of users in India, among other countries. In October, several Indian journalists and politicians received similar warnings, which were later linked to the Pegasus spyware developed by the Israeli firm NSO Group.
Amnesty International’s investigation confirmed the presence of this invasive software on the devices of prominent Indian figures.
Apple has cautioned that revealing additional details could aid attackers in evading future detection. To combat these threats, Apple relies solely on internal threat intelligence and investigations.
Users who receive these warnings are advised to take immediate steps to protect their devices. Apple recommends updating to the latest version of iOS and enabling the built-in Lockdown Mode, which limits the functionality of several features to reduce the attack surface.
The company also reminds users that its threat notification emails do not contain clickable links or requests for Apple ID credentials, installation of apps, or downloading of files to avoid phishing scams.
