The big picture: Back in 2021, Apple notified certain iPhone users, such as journalists, activists, and government dissidents, that they were being specifically targeted by spyware. This form of malicious software is insidious because it can be installed through a zero-click attack, and once on the device, it can read and hear just about everything. Apple doesn't provide much detail on how it knows a possible attack has occurred, fearing that doing so might help attackers evade detection. However, it has introduced a Lockdown mode to protect against spyware.
Apple has warned iPhone users in 98 countries of potential mercenary spyware attacks. This follows a similar threat notification issued in April to users in 92 nations, suggesting that the problem of spyware is growing or at least not being curtailed.
The warning did not disclose the attackers' identities or the countries where users received notifications. However, it informed affected users that they are likely being targeted specifically because of "who you are or what you do." To underscore the seriousness of the situation, Apple added that it has "high confidence in this warning – please take it seriously."
Last year, Apple changed some of the language in the notifications, describing the incidents as "mercenary spyware attacks" instead of the previously used "state-sponsored" attacks.
"Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks."
The spyware gives attackers access to the smartphone's microphone and allows them to view everything written on the device, including messages in encrypted apps such as WhatsApp and Signal. They can also track location, collect passwords, and harvest information from apps.
And the attacks are getting more sophisticated. In the past, a victim had to click on a link or download an image to activate the spyware. Today, a zero-click attack delivers it via an iMessage or WhatsApp image that automatically plants spyware on the device.
Specific groups like journalists, activists, and government personnel are usually the primary targets. One notorious example is Pegasus, a highly sophisticated spyware developed by the Israeli cyber-arms company NSO Group, which has been widely used by governments to surveil high-profile targets. It can hack both Android and iOS devices.
Another example is LightSpy, a Chinese spyware campaign that initially targeted Hong Kong protesters in 2020 and has since evolved to offer detailed location tracking and sound recording.
Identifying spyware on an iPhone can be difficult, but some potential signs include rapid battery drain, unexpected device behavior, high data usage, and unusual device heating. Furthermore, Apple has introduced a security feature called Lockdown mode, which severely restricts certain features and functionalities to protect high-risk individuals from these attacks.