
Congress leader KC Venugopal receives Apple warning over ‘mercenary spyware attack’: What kind of threat is this?

In a post on X, Congress general secretary KC Venugopal on Saturday accused the Modi government of using a “malicious spyware” to try to hack his mobile phone. He said he became aware of the attack after Apple sent him an alert.

Venugopal shared a screenshot of the notification, which read: “You are the target of a mercenary spyware attack attempting to remotely compromise the iPhone associated with your Apple ID… Today’s notification is being sent to targeted users in 98 countries and to date we have notified users in over 150 countries total.”

The warning noted that “mercenary spyware” attacks, such as those carried out using Pegasus, a malware developed by the Israeli company NSO Group, are extremely rare and highly sophisticated.

Venugopal received a similar message on October 30, 2023.

Apple warned its users in India and 91 other countries in April about such attacks by “mercenary spyware,” including Pegasus.

Who would want to attack a phone with mercenary spyware, as Apple claims?

Apple has not said who the attackers might be. It has only said that attacks “like those using Pegasus” are “extraordinarily rare and far more sophisticated than regular cybercrime or consumer malware.” These attacks, which are “sustained and global,” are “deployed individually against a very small number of individuals,” the threat alert states.

Apple had sent a similar notification to some users in October 2023. At the time, Apple had stated that “state-sponsored attackers” were attempting to “remotely compromise” their iPhones. Under pressure from the government, Apple then clarified that it “does not attribute the threat alerts to any specific state-sponsored attacker.”

Recipients of the October 2023 emails included opposition politicians Shashi Tharoor of Congress, Raghav Chadha of AAP and Mahua Moitra of Trinamool Congress. Some journalists had also reported receiving the notification. Like the April 11 notification, the earlier notification also said that the recipients were likely targeted based on their identity or actions.

Was 2023 the first year Apple sent these notifications?

Apple has been sending these threat notifications since late 2021. These are automated messages sent to alert and assist iPhone users when Apple’s systems detect activity that matches certain patterns.

The “threat notification” is sent via email and iMessage to the email addresses and phone numbers associated with the affected user’s Apple ID. In the standard text of the message, Apple says it cannot provide information about what prompts them to issue the threat notifications, as this could help attackers “adjust their behavior to avoid detection in the future.”

In a statement before sending the October 2023 notification, Apple had stated that it was “possible that some Apple threat notifications may be false positives or that some attacks may not be detected.”

What should someone do if they receive such a notification?

Apple’s notifications are accompanied by advice on additional steps users can take to protect their devices and their privacy. Some of the general security tips Apple recommends include updating to the latest software versions, setting a passcode, enabling two-factor authentication, and using a strong Apple ID password.

Users are also advised to download apps only from the App Store, use a different password for each online account, and avoid clicking on links or attachments from unknown sources.

Apple also recommends that users enable Lockdown Mode, a feature introduced in recent software updates specifically designed to protect against rare and sophisticated cyberattacks like these.

Enabling Lockdown Mode puts the device into a high-security state where many normal functions are restricted or disabled. For example, a device in Lockdown Mode cannot send or receive attachments, links, or link previews in messages, to prevent attackers from accessing the user’s personal information.

Lockdown Mode is only available on devices running iOS 16 or later, iPadOS 16 or later, watchOS 10 or later, and macOS Ventura or later.