NEW DELHI: Apple has issued a new spyware warning to iPhone users in 92 countries after it found they had been targeted in attacks. Apple users were alerted of the attacks via a notification email seen by Reuters.

In India and 91 other countries, victims of the spyware attack were informed that adversaries had attempted to “remotely compromise the iPhone.”

Apple has issued a new spyware warning to iPhone users in 92 countries after it found they had been ... [+]

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the alert reads.

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning—please take it seriously.”

The new iPhone attack aimed to install malicious software on the device to spy on a user’s data and location. Apple has sent these emails before, with multiple alerts going out to over 150 countries since 2021, according to the email sent out by the iPhone maker.

Apple did not disclose where the attack came from, but spyware attacks are typical of nation-state actors. In 2021, Apple sued Israeli firm NSO Group for its part in attacks on iPhone users.

Over the last few years, Apple has issued an increasing number of iOS updates to address holes that could have been used for spyware attacks. Some of these come as emergency security updates, especially when an iPhone flaw is already being used in attacks.

Spyware attacks are scary because the malware can be delivered in a so-called zero-click attack which requires no interaction from an iPhone user. One example is a malicious image that can be sent over iMessage or WhatsApp.

If iPhone spyware attacks such as these are successful, they allow adversaries to completely take over the device. Attackers can listen in to calls, read emails—and even access apps such as WhatsApp and Signal, because they can see everything on your iPhone’s screen.

This might sound worrying, but spyware attacks only target a specific subset of users, usually journalists, dissidents, government workers and businesses operating in certain sectors. If this applies to you, Apple has introduced Lockdown Mode to use on your iPhone. It does reduce your iPhone’s functionality, but it’s worth it if you fall into this group and might be at risk.

“These are likely to be highly targeted attacks, on specific people, so ordinary iPhone users don’t have anything to be too concerned about,” says Sean Wright, head of application security at Featurespace.

Even so, he recommends all iPhone users apply security best practices. “Ensure that you apply the latest update, only install apps from trusted sources and apply some scrutiny to those apps—such as reviewing the permissions.”

Other tools such as VPNs “may have some limited benefit,” Wright says. “It will largely depend where the attack is from and how the new spyware works, for example if it scraps the data before network traffic is transmitted and received.”

Signs your iPhone may have been targeted by spyware include slowing of the device, fast draining battery, or overheating. If you do find this happening to your iPhone, in some cases turning it off can disrupt the malware temporarily.

If you have received the alert from Apple, you can contact human rights organization Amnesty International’s Security Lab, which offers digital forensic support to at risk human rights defenders, activists, journalists and members of civil society.

“If you are a member of civil society, and you have received an Apple notification, you can contact us and request forensic support using our Get Help form,” a notice on Amnesty International’s website reads.

Overall, every iPhone user should be ensuring their iOS software is up to date—the latest version is iOS 17.4.1. Apple might also release a new iOS update to patch the holes used for this latest spyware attack, or the iPhone maker might have even patched it already.