Apple Inc. has notified iPhone users in 92 countries that their devices were likely targeted by mercenary spyware.

The company alerted the affected individuals via email and iMessage on Wednesday afternoon. “Apple detected that you are being targeted by a 2 that is trying to remotely compromise the iPhone associated with your Apple ID,” the alert reads. 

The company didn’t disclose how many users are impacted or where they are located. According to TechCrunch, some of the affected individuals are in India. Apple detailed this week that it has distributed mercenary spyware alerts to users across more than 150 countries since 2021.

Around the same time it sent out this week’s round of notifications, the company updated its support article about the topic. The page specifies that Apple’s definition of mercenary spyware attacks includes state-backed hacking campaigns. The company lists hacking carried out using NSO Group Ltd.’s Pegasus malware as one example of such an attack.

At least some versions of Pegasus targeted victims through iMessage. According to Google LLC researchers, those versions spread via a malicious message that can activate even if the user doesn’t click it. Once it infects a device, Pegasus covers its tracks by deleting files on the victim’s iPhone that could be used to detect the breach.  

In 2021, Apple updated iOS with a cybersecurity mechanism called BlastDoor to make iMessage more secure. According to 9to5Mac, the feature opens messages in an isolated sandbox from which malicious code can’t spread. The sandbox isolates iMessage from both other apps and the underlying operating system. 

Last year, researchers discovered a new version of Pegasus that managed to circumvent BlastDoor. The malware did so by exploiting a flaw in HomeKit, an iOS framework that allows users to configure smart home devices with their iPhones. Pegasus used HomeKit to crash a key component of BlastDoor and thereby facilitate the spread of malware through iMessage.

Apple issued a patch for the flaw shortly after it came to light. Additionally, the company has built a second cybersecurity feature called Lockdown Mode that is likewise designed to protect users from mercenary spyware. The feature reduces an iPhone’s attack surface by disabling software features that can be used by hackers to spread malware. 

“Apple relies solely on internal threat-intelligence information and investigations to detect such attacks,” the company stated in the spyware alerts it distributed this week. “Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously.”

Photo: Pixabay