By DMS WIKI – Own work, CC BY-SA 4.0,

Apple has issued a sweeping alert to iPhone users in India and 91 other countries. These notifications warned of potential “mercenary spyware” attacks targeting their devices, including the controversial Pegasus malware by the Israeli NSO Group.

The notification emails sent by Apple informed users that they were being targeted by a “mercenary spyware attack,” which signifies an attempt to gain unauthorized access to their iPhones, with a crucial distinction from typical cybercrime. For those who are unaware, mercenary spyware attacks focus on specific individuals, often chosen based on their profession or identity (journalists, activists, politicians, and the like). These attacks can grant attackers access to a vast amount of sensitive data, including phone conversations, messages, and even camera and microphone recordings, therefore posing a significant threat to individual privacy and security.

“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” the notification email added.

The Apple notifications describe “mercenary spyware” as a particularly rare and vastly more complex threat compared to common malware encountered by most users. Examples include the infamous Pegasus spyware developed by the NSO Group, a powerful tool capable of extensive data extraction and remote device control. These tools are expensive to develop and deploy, typically targeting a limited number of high-value individuals due to their cost and complexity. In this case, Apple’s threat notification emails were sent at around 12.30 am IST on Thursday, April 11 to impacted users in India, although the exact number is yet to be revealed.

“Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware. These attacks cost millions of dollars and are individually deployed against a very small number of people, but the targeting is ongoing and global,” Apple said in its threat notification.

This is not the first time something like this has happened – over the past three years, Apple has sent out similar threat notifications on multiple occasions, reaching users in over 150 countries so far. Last year’s notifications also reached at least 20 Indians with iPhones. Now, while the Cupertino-headquartered tech behemoth refrains from disclosing details about the attackers to prevent them from adapting their methods, they offer various resources to assist targeted users. These resources include an updated support page specifically dedicated to informing users about mercenary spyware attacks and the steps they can take to protect themselves. Similar resources include the enabling of Lockdown Mode on their iPhones, as well as ensuring that their iPhones and other Apple devices are updated to the latest software versions. Furthermore, users are advised to keep their messaging and cloud applications updated to the most recent versions and seek professional help in case their device may have been compromised.