On Wednesday, April 10, at 12 PM PT, Apple sent out mercenary spyware warnings to iPhone users in 92 countries, informing them of a potential threat to their data. The Apple spyware alert claimed that the attack was attempting to “remotely compromise” the iPhone associated with the receiver’s Apple ID. The company did not elaborate on the nature of the threat or what prompted their global mercenary spyware warning, but they claimed to have “high confidence” in it, cautioning users to take it seriously. We have no confirmation on which countries received Apple’s mercenary attack notification, but what we do know is that it’s got everyone a tad bit worried.
Image: Canva
What Was Mentioned in Apple’s Mercenary Spyware Warning?
Apple’s recent mercenary attack notification isn’t the first time the company has put users on high alert warning them of a potential targeted threat to their devices. Last year around October, Apple sent out a similar warning to power players like politicians and journalists in India warning of a potential threat. Later in the same year, Amnesty International found evidence of the Pegasus spyware on the iPhones of a few prominent journalists. It was reportedly sourced from Israeli spyware maker NSO Group, confirming that the Apple spyware alert had been well-grounded.
“Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total. The extreme cost, sophistication and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today. As a result, Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”
—Apple
A similar situation could unfold this time as well, for users who received Apple’s global mercenary spyware warning. Techcrunch was among the first to bring these alerts to the public, sharing an example of what Apple’s mercenary attack notification looked like this time.
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
As ominous as the message is, the implications of such an attack would be even worse, spelling real danger to those who are exposed to the spyware.
Who Received the Apple Mercenary Attack Notification?
Apple has stated that if you’ve received a notification, it is because of “who you are or what you do” suggesting that the receivers have high-profile jobs or deal with sensitive issues. Considering the previous attack was also targeted at politicians and journalists, we could see a similar pattern emerge this time as well. These assumptions are further supported by speculations about countries with approaching elections being targeted, the attackers looking to disrupt and sway official proceedings.
How to Check If You Have Received the Apple Mercenary Spyware Warning
Those who have been identified as targets of the mercenary spyware should have received an iMessage notification and email on the ID linked with the Apple account. If you think you might have missed it and want to clarify that the Apple spyware alert was not meant for you, consider logging on to your Apple account on the website. According to Apple’s support page, a threat notification should be visible on the top of the page for those who have received the Apple mercenary spyware warning.
What To Do if You’ve Received the Apple Spyware Alert
If you’ve received a notification regarding the mercenary spyware, then Apple offers a “Lockdown Mode” that can help protect the device. This feature will restrict the functioning of the device to protect it from any of the spyware trying to get in. For example, message attachments are blocked, FaceTime from unknown contacts is restricted, location information is scraped from shared photos, and web sharing is limited. The Lockdown Mode tries to restrict your device’s contact with external sources in order to reduce the number of potential invasion points.
According to Apple, “Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later. Additional protections are available in iOS 17, iPadOS 17, watchOS 10, and macOS Sonoma.” Apple also recommends that you contact an external expert to help with the threat, for example, the Digital Security Helpline at the non-profit Access Now. The organization should be able to provide essential security-related advice on what you should do next.
🚨Apple has sent threat notifications to iPhone users in 92 countries informing them they “are being targeted by a mercenary spyware attack”
If you’re a member of civil society + received an alert, you can request forensic support using our Get Help form👇https://t.co/ZLXDwM5Es2
— Amnesty Tech (@AmnestyTech) April 11, 2024
Even if you have not been on the receiving end of Apple’s global mercenary spyware warning, it’s a good idea to protect yourself from external threats as much as possible. Investing in a good antivirus system that regularly scans your devices for any signs of harmful aberrations is an effective way of keeping threats at bay. Similarly, using a VPN is a useful preventive measure that can stop any lurkers from learning too much about you. It is also a good idea to regularly update your passwords, switch to passkeys, be careful of the websites you’re visiting, and stay alert for any unusual activity that might signal that something is amiss.