Apple Sends Out Spyware  like Pegasus Attack Notifications to Targeted Users

Apple has recently sent out spyware attack notifications to iPhone users in over 100 countries, alerting them that they may be targeted by highly sophisticated "mercenary spyware" attacks. These alerts are part of Apple's official threat notification system designed to inform and assist individuals who are specifically targeted due to "who they are or what they do," such as journalists, activists, politicians, and diplomats

Mercenary spyware attacks are well-funded, highly complex cyberattacks often linked to private surveillance companies selling tools to governments. These attacks are zero-click, meaning they can compromise a device without any interaction from the user, and are aimed at extracting information covertly. Apple references spyware like Pegasus, developed by the NSO Group, as an example of such mercenary spyware

Apple issues these threat notifications when its internal threat intelligence detects activity consistent with mercenary spyware targeting a user's iPhone. Notifications are sent in two ways

A threat notification banner appears at the top of the page when the user signs in to their Apple account at account.apple.com

Email and iMessage alerts are sent to the email addresses and phone numbers associated with the user's Apple ID.

What Users Should Do if Notified

Apple advises users who receive these notifications to take the warnings seriously and follow recommended security steps

• Enabling Lockdown Mode on their iPhone, a special security mode designed to protect against targeted attacks

• Updating to the latest iOS version (such as iOS 18.4.1)
• Avoiding opening links or attachments from unknown sources
• Seeking expert help, such as from the Digital Security Helpline by Access Now, which offers 24/7 emergency security assistance tailored to targeted users

Apple does not disclose the exact technical methods or indicators it uses to detect these attacks, citing concerns that revealing such details could help attackers adapt their behavior to evade detection in the future

publicly acknowledging receipt of these notifications are Italian journalist Ciro Pellegrino and Dutch commentator Eva Vlaardingerbroek

Yesterday I got a verified threat notification from Apple stating they detected a mercenary spyware attack against my iPhone.

We’re talking spyware like Pegasus.

All I know for sure right now is that someone is trying to intimidate me.

I have a message for them: It won’t work. pic.twitter.com/mLPVyttFwm

— Eva Vlaardingerbroek (@EvaVlaar) April 30, 2025

Forensic Analysis Groups for  Spyware

• Amnesty International’s Security Lab
• Citizen Lab
• Kaspersky Lab
• Digital Security  https://www.accessnow.org/help/#contact-us