{"id":24324,"date":"2024-04-15T19:11:38","date_gmt":"2024-04-16T03:11:38","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/04\/15\/news-18054\/"},"modified":"2024-04-15T19:11:38","modified_gmt":"2024-04-16T03:11:38","slug":"news-18054","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/04\/15\/news-18054\/","title":{"rendered":"Apple warns people of mercenary attacks via threat notification system"},"content":{"rendered":"\n<p>Apple has <a href=\"https:\/\/techcrunch.com\/2024\/04\/10\/apple-warning-mercenary-spyware-attacks\/\">reportedly<\/a> sent alerts to individuals in 92 nations on Wednesday, April 10, to say it&#8217;s detected that they may have been a victim of a mercenary attack. The company says it has sent out these types of threat notifications to over 150 countries since the start in 2021. <\/p>\n<p>Mercenary spyware is used by governments to target people like journalists, political activists, and similar targets, and involves the use of sophisticated tools like <a href=\"https:\/\/www.malwarebytes.com\/blog\/podcast\/2022\/02\/the-worlds-most-coveted-spyware-pegasus-lock-and-code-s03e04\">Pegasus<\/a>. Pegasus is one of the world\u2019s most advanced and invasive spyware tools, known to utilize zero-day vulnerabilities against mobile devices.<\/p>\n<p>The second number became known when Apple changed the wording of the relevant support page. 
The change also included the title, which went from \u201cAbout Apple threat notifications and protecting against <strong>state-sponsored attacks<\/strong>\u201d to \u201cAbout Apple threat notifications and protecting against <strong>mercenary spyware<\/strong>.\u201d<\/p>\n<p>If you look at the <a href=\"https:\/\/web.archive.org\/web\/20240118092806\/https:\/support.apple.com\/en-us\/102174\">before<\/a> and <a href=\"https:\/\/support.apple.com\/en-us\/102174\">after<\/a>, you\u2019ll also notice an extra paragraph, again with the emphasis on the change from \u201cstate-sponsored attacks\u201d to \u201cmercenary spyware.\u201d<\/p>\n<p>The difference in wording might be because &#8220;state-sponsored&#8221; is often used to indicate attacks targeted at entities, like governments or companies, while these mercenary attacks tend to be directed at individual people.<\/p>\n<p>The extra paragraph specifically calls out the NSO Group and the Pegasus spyware it sells. While the NSO Group claims to only sell to \u201cgovernment clients,\u201d we have no reason to take its word for it.<\/p>\n<p>Apple <a href=\"https:\/\/support.apple.com\/en-us\/102174\">says<\/a> that when it detects activity consistent with a mercenary spyware attack it uses two different means of notifying users about the attack:<\/p>\n<ul>\n<li>Displays a Threat Notification at the top of the page after the user signs into <a href=\"https:\/\/appleid.apple.com\">appleid.apple.com<\/a>.<\/li>\n<li>Sends an email and iMessage notification to the email addresses and phone numbers associated with the user\u2019s Apple ID.<\/li>\n<\/ul>\n<p>Apple says it doesn&#8217;t want to share information about what triggers these notifications, since that might help mercenary spyware attackers adapt their behavior to evade detection in the future.<\/p>\n<p>The NSO Group itself argued in a court case started by Meta for <a 
href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/03\/pegasus-spyware-creator-ordered-to-reveal-code-used-to-spy-on-whatsapp-users\">spying on WhatsApp users<\/a>, that it should be recognized as a foreign government agent and, therefore, be entitled to immunity under US law limiting lawsuits against foreign countries.<\/p>\n<p>NSO Group has also said that its tool is increasingly necessary in an era when end-to-end encryption is widely available to criminals.<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-how-to-stay-safe\">How to stay safe<\/h3>\n<p>Apple advises iPhone users to:<\/p>\n<ul>\n<li><a href=\"https:\/\/support.apple.com\/en-us\/105120\">Enable Lockdown mode<\/a>.<\/li>\n<li>Keep devices up to date.<\/li>\n<li>Protect devices with a passcode.<\/li>\n<li>Use <a href=\"https:\/\/www.malwarebytes.com\/glossary\/multi-factor-authentication-mfa\">Multi-Factor-Authentication<\/a> (MFA) <a href=\"https:\/\/support.apple.com\/en-jo\/guide\/iphone\/iphd709a3c46\/ios\">for your Apple ID<\/a>.<\/li>\n<li>Only install apps from the App Store.<\/li>\n<li>Use strong and unique passwords online.<\/li>\n<li>Don\u2019t click on links or attachments from unknown senders.<\/li>\n<\/ul>\n<p>We\u2019d like to add:<\/p>\n<ul>\n<li>Use an <a href=\"https:\/\/www.malwarebytes.com\/premium\">anti-malware solution<\/a> on your device.<\/li>\n<li>If you&#8217;re not sure about something that&#8217;s been sent to you, verify it with the person or company via another communication channel.<\/li>\n<li>Use a <a href=\"https:\/\/www.malwarebytes.com\/what-is-password-manager\">password manager<\/a>.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p> Apple has sent alerts to people in 92 nations to say it&#8217;s detected that they may have been a victim of a mercenary attack. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[2211,31274,32,11940,5897,31275,11584],"class_list":["post-24324","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-apple","tag-mercenary-spyware","tag-news","tag-pegasus","tag-privacy","tag-state-sponsored-attacks","tag-zero-days"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24324","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24324"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24324\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24324"}],"wp:term":[{"taxonomy":"category","embe
ddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24324"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24324"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}