Apple Warns Users in 92 Countries, Including India, About Mercenary Spyware: Everything to Know

  • Apple is recommending that impacted users turn on Lockdown Mode for enhanced security.
  • Apple has dropped the word ‘state-sponsored’ for these attacks in its latest warnings.
  • Apple first started issuing these kinds of warnings in 2021.

According to several reports, Apple has issued a new warning for customers in over 92 countries about new mercenary spyware attacks. Apple has also published an updated page about its threat notifications, explaining more about these attacks.

According to Reuters, the updated notification drops the word “state-sponsored” for these attacks. Let’s look at what is being reported on the issue and what this means for Apple users.

Apple’s Latest ‘Threat Notification’ For Users: What Does It Say

According to Reuters, Apple issued threat notifications to some users in India and 91 other countries. The notification warns them that they might be victims of a mercenary spyware attack. Such attacks rely on highly sophisticated spyware tools that often cost millions of dollars to deploy. Pegasus is, of course, the most well-known example that comes to mind for most users when thinking of such sophisticated spyware.

What the Apple ID page looks like when a Threat Notification is issued for a particular user. (Source: Apple)

It should be noted that in October, Apple sent notifications to opposition leaders in India, warning them of a ‘state-sponsored spyware attack’ on their iPhones. Given that the opposition party politicians had received these alerts, the issue had also evolved into a political one in the country.

However, the Indian government was displeased with this notification and asked Apple to clarify. Apple later stated that it did not attribute the threat notifications to any specific state or government. This could also explain why Apple has used the term ‘mercenary spyware’ this time: to avoid any potential fallout with governments.

According to reports, it is unclear how many users in India have received this notification. Nor is it clear which other countries are on the list where users were notified.

Reports from NDTV and The Indian Express, which have seen the alert, also note that the users are asked to take immediate action. Apple is recommending that impacted users activate Lockdown Mode on their devices. It should also be noted that based on the notification, it is unclear whether the iPhone was hacked, but it mentions that the spyware is ‘trying to compromise’ the device’s security.

Apple’s Threat Notifications: What Are These

Apple issues threat notifications to iPhone users who are at high risk for sophisticated spyware attacks. As the current notification also mentions, the user is likely targeted because of who they are and what they do. This could typically mean investigative journalists, NGO workers, activists, prominent personalities, politicians, etc. This is not something that is issued for most regular users.

According to Apple’s support page on ‘Threat Notifications,’

“attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices.”

Apple adds that this spyware also has a “short shelf life, making it much harder to detect and prevent.” The support page also mentions NSO Group’s Pegasus spyware as an example. Apple has sent these notifications to users in over 150 countries since 2021.

Such spyware is a very ‘advanced digital’ threat. The Apple page further adds that the company “does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions.”

The page further notes that when Apple “detects activity consistent with a mercenary spyware attack, we notify the targeted users in two ways:”

  • The first is that “A Threat Notification is displayed at the top of the page after the user signs into”
  • The second is that Apple “sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.”

Apple’s Lockdown Mode is recommended to users who receive such a threat notification.

Apple’s Threat Notifications: What is Lockdown Mode, How Does Apple Detect Threats?

Apple does not reveal how it detects the threats to ensure that the attackers don’t modify their tactics to avoid future detection. It also notes that the “threat notifications” will never ask users “to click any links, open files, install apps or profiles, or provide their Apple ID password or verification code by email or on the phone.”

Apple also says that users can sign in to to verify if the threat notification is genuine. If a threat notification is visible at the top of the page after they sign in, it means Apple indeed sent the notification. Apple also recommends that these users rely on expert help once they receive such an alert.

Meanwhile, Lockdown Mode, when enabled, restricts several features on the iPhone, iPad, Mac or Apple Watch. This is done to enhance security and reduce the risk of spyware attacks. Apple warns that in ‘Lockdown Mode’,

“some apps, websites, and features are strictly limited for security, and some experiences might not be available at all.”

For example, Links and Link Previews are unavailable in Messages in this mode. Apple also blocks some web technologies, which could mean that certain websites, some fonts, etc., might not load properly when accessed from the device. Apple also blocks incoming FaceTime calls unless the user previously contacted that person.

Lockdown Mode is available in iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later.

Apple’s Lockdown Mode.

How to activate Lockdown Mode on iPhone or iPad

  • Open the Settings app and scroll down to Privacy & Security.
  • When the Privacy & Security screen opens, scroll down, tap Lockdown Mode, and then tap Turn On Lockdown Mode.
  • Restart the device and then enter your device passcode. Lockdown Mode should be enabled.

Other general recommendations for Apple iPhone users include:

  • Update devices to the latest software, which has the latest security fixes. Apple is known for consistently pushing these out faster than most Android manufacturers.
  • Users should rely on a passcode for their device and use two-factor authentication for Apple ID. A unique and strong password for the Apple ID is also critical.
  • Apple recommends installing apps only from the App Store.
  • It also recommends that users not click links or attachments from unknown senders.