Apple Inc. has cautioned its iPhone users of a possible "mercenary spyware attack" that could remotely compromise their devices. In a threat notification mail released on July 10, the company informed users in India and 97 other countries of Pegasus-type attacks. Earlier in April, the company issued a similar spyware alert when it warned iPhone users in 92 countries that they had been targeted by such cyber-attacks.
In its email, Apple wrote, "Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware.”
What Has Happened?
Apple's security team found a new spyware variant, similar to Pegasus, that has been targeting iPhones worldwide. In view of this threat, the company released a security update to counteract the vulnerability exploited by the spyware. The attack method typically involves a zero-click exploit, which doesn’t require user interaction to hack the device, making it insidious.
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company mentioned in its alert email.
The tech giant told users, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
As per a report by TechCrunch, a technology-update-based news media, some iPhone users in India are among those who received the latest notification. However, it did not mention the list of other countries.
Apple says that such attacks “cost millions of dollars, have a shorter shelf life, and are individually deployed against a very small number of people”.
What is this attack?
Unlike traditional malware cyber attacks, mercenary spyware is not targeted towards the masses at large. These are usually sensitive and sophisticated tools developed and sold by private firms to government agencies or other powerful entities for terror/infiltration detection and prevention activities. Such attacks are targeted to compromise specific or individual devices for advanced, quick, and deeper surveillance.
A mercenary spyware attack on your phone can majorly compromise your privacy as it can:
- Access sensitive data in your phones including messages, emails, and photos.
- Activate the microphone and camera
- Listen to your conversations and record activities without your notice
- Track the device’s location in real-time.
- Collect data from apps and monitor discreetly.