'Mercenary Spyware Attacks' Targeting Apple Users, Said Apple With A High Confidence

Apple is a world-famous brand, and its products are hugely popular.

Despite their relatively high price, Apple devices are highly sought-after in many places around the globe, for reasons such as quality and performance, the Apple ecosystem and its integration with Apple's many services, the operating system, the App Store, and, not least, brand perception, loyalty, and high resale value.

The thing is, Apple devices are just like any other devices in that they're also susceptible to cyberattacks.

And this time, Apple has officially declared that iPhone users are under threat of "mercenary spyware attacks."

While the company didn't disclose who the attackers were or which specific countries are receiving these notifications, it says with high confidence that the attacks are happening.

"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company wrote in the warning to affected customers.

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” Apple added.

Apple has sent warnings to several politicians and journalists to inform them of the ongoing threat.

The recipients were told they are likely being targeted due to who they are or what they do and to take the warning seriously.

Users who fail to protect themselves may end up losing their Apple ID (Apple Account), money, data, or more.

The attack methods include sending SMS messages, also called 'smishing.'

This kind of attack urges targets to act immediately, by telling them to respond to an urgent request.

In this case, the strategy is to tell targets that they need to sign in to iCloud to "continue using your services." Interacting with the SMS directs the target to a website the hackers control, which resembles the real iCloud website.

If users log in, their usernames and passwords are stolen.

While Apple didn't detail much about the attack, it's suggested that the threats don't only come from petty hackers, but also from established companies like Israeli NSO Group, which created the notorious Pegasus malware.

In its communication to affected users, Apple stressed the sensitive nature of its threat identification methods, cautioning that divulging additional details could potentially aid attackers in evading future detection.

It's worth noting though, that Apple has stopped using the term "state-sponsored" attacks, and instead started referring to the incident as "mercenary spyware attacks."

Apple said on a dedicated support page that it relies solely on "internal threat-intelligence information and investigations to detect such attacks."

Alongside the warning, Apple has also released some tips and advice on how to avoid falling victim to malicious tricksters.

In another support page, Apple explains what social engineering scams are, including the smishing attack, as well as fraudulent calls masquerading as coming from support staff.

The article also contains a wide range of tips and advice on how to avoid falling for scammers’ tricks and losing vital information that could be exploited by bad actors.

Published: 12/07/2024