Apple sent threat notifications to some of its iPhone users in India and reportedly 91 other countries on Wednesday, warning they may have been targeted by “mercenary spyware” attacks.

The identity of the attackers has not been disclosed, nor the names of the countries where users have received the notifications.

The warning comes days before the first phase of the Lok Sabha elections (April 19), and follows an alert sent out last October when some users were warned of a “potential state-sponsored” attack on their devices.

In October, the notification was received by the Congress’s Shashi Tharoor and the
Trinamul Congress’s Mahua Moitra, among others.

Soon after, Apple had clarified in a statement that it “does not attribute the threat notifications to any specific state-sponsored attacker”.

The new threat notification alert, which does not mention the attackers as “state-sponsored”, was sent around 12.30am (Indian time) on April 11. But it’s unclear how many users have received the notifications in India or globally.

Mercenary spyware is designed to remotely compromise smartphones and other devices with tools that can be used to monitor communications or steal private data.

The subject line of the threat notification reads: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-.”

The notification email also mentions: “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”

Mercenary spyware attacks, such as the one involving Israeli spyware maker NSO Group’s invasive Pegasus, “are exceptionally rare” and sophisticated, the notification says.

Such notifications from Apple go out multiple times a year, according to the company’s support page, which says: “Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total.”

The support page also states: “Apple relies solely on internal threat-intelligence information and investigations to detect such attacks. Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously.”

In case such a notification has been received, Apple suggests contacting expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline (can be accessed globally) at the non-profit Access Now.

Users who haven’t received an Apple threat notification but believe they are being targeted by mercenary spyware attacks can enable Lockdown Mode on Apple devices for additional protection. Once enabled, certain apps, websites and features will be strictly limited for security.