Around this time just one week ago, iPhone users in 92 countries received a
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” read the
Apple posted an
Now, a new report appears to have solved the mystery.
China-linked LightSpy spyware
The Apple news outlet
According to BlackBerry, the spyware that iPhone users were warned about is called LightSpy, which is described in the report as a “sophisticated iOS implant.”
The report points out that this is a concerning development because LightSpy was last seen used in a campaign during the 2020 political protests in Hong Kong. So, this latest attack appears to be a reemergence of LightSpy.
LightSpy is “a fully-featured modular surveillance toolset,” according to BlackBerry. The spyware can pull targets’ private information, which includes pinpoint-accurate location data as well as data from messaging applications, text messages, phone call history, and web browser history. It can even create sound recordings from the device, including recording during VoIP calls.
Attackers have used LightSpy for the most part to target individuals in Southeast Asia, including India, which explains why those notifications were mostly received by iPhone users located in that general region. The messaging apps mentioned in BlackBerry’s report are among the most popular in that part of the world: QQ, WeChat, and Telegram. In addition, LightSpy can pull targets’ payment history from the WeChat Pay service.
BlackBerry believes this attack was once again perpetrated by China-based or native Chinese-speaking actors, as with previous LightSpy campaigns, and there’s a potential for state-sponsored involvement as well.
The report recommends that users who have reason to be targeted, whether due to their employment or activism, utilize Apple’s