Home > Mains Articles > Apple’s Mercenary spyware alert

Apple’s Mercenary spyware alert

Spyware aims to gather data for advertising purposes or identity theft.

By Vajiram Editor - Apr 12, 2024, 04:55 IST

Listen
Apple’s Mercenary spyware alert
Table of Contents

What’s in today’s article?

● Why in News?

● What are Spyware and malware?

● What are Mercenary spyware attacks?

● What is Pegasus Spyware?

GS 2 yr
IAS Toppers
GS 11
Sch Test
Mains Camp
Module Course
Opt Sub
Opt TS
Mains Test Series
Rankers Prog

● What is Zero-click exploit?

Why in News?

Apple recently sent out warnings to iPhone users in India and 91 other countries. The company informed users saying that their iPhones might be under attack by a type of spyware called mercenary spyware, including one called Pegasus.

In October 2023, they sent similar warnings to politicians from different parties in India, suggesting a possible state-sponsored spyware attack on their iPhones. However, Apple later said they could not pinpoint any specific attacker.

What are Spyware and malware?

  • Spyware and malware are types of harmful software designed to infiltrate and damage computers or devices.
  • Spyware
    • Spyware specifically focuses on spying on a user’s activities, such as browsing habits, keystrokes, or personal information, without their consent.
    • It often aims to gather data for advertising purposes or identity theft.
  • Malware
    • Malware, short for malicious software, encompasses a broader range of harmful programs that can include viruses, worms, ransomware, and more.
    • Malware typically aims to disrupt, damage, or gain unauthorized access to a computer system or network.

What are Mercenary spyware attacks?

  • About
    • Mercenary spyware attacks are highly complex, targeting specific individuals with exceptional resources, surpassing regular cybercriminal activity and consumer malware.
    • They are difficult to detect and prevent due to their substantial investment and short lifespan.
    • Sophisticated digital threats have been targeting some users, but most people are probably safe.
    • These attacks represent some of the most sophisticated digital threats globally, prompting Apple to abstain from assigning them to specific attackers or regions.
  • Aim
    • Mercenary spyware is designed to remotely infiltrate and compromise smartphones and other devices without the knowledge or consent of the users.
    • These surveillance tools could be used to monitor movements and communications, steal private data, etc.
    • In some cases, governments, intelligence agencies, and law enforcement bodies have reportedly bought mercenary spyware wherein political opponents and activists are often targeted.
  • Examples
    • Companies producing mercenary spyware include the NSO Group, FinFisher, and Hacking Team.
    • NSO Group’s flagship spyware Pegasus helps infiltrate devices remotely and access calls, emails, messages, and other files.
    • Finfisher’s products like FinSpy can capture keystrokes and access data besides activating microphones and cameras without permission.
    • The Hacking Team’s Galileo aka Remote Control System (RCS) also can capture keystrokes and record video calls besides accessing the camera and microphone.

What is Pegasus Spyware?

  • Pegasus is a malware/spyware developed by Israel’s NSO Group.
  • The spyware suite is designed to access any smartphone through zero-click vulnerabilities remotely.
  • Once a phone is infiltrated, the spyware can access entire data on that particular phone.
  • It also has real-time access to emails, texts, phone calls, as well as the camera and sound recording capabilities of the smartphone.

What is Zero-click exploit?

  • About
    • A zero-click exploit refers to malicious installed on a device without the device owner’s consent.
    • More importantly, it does not require the device owner to perform any actions to initiate or complete the installation.
  • Specific exploit used in the present case involving Indian journalists
    • The specific exploit allegedly in use on the two devices is called BLASTPAST (previously identified as BLASTPASS).
    • It plays out in two phases.
    • In the first, the attack attempts to establish a link with the Apple HomeKit – which gives users a way to control multiple smart devices – on the target’s device.
  • The purpose of the first phase could be to determine how the device can be exploited or to keep it in sight for further exploitation in the future.
    • In the second, some malicious content is sent via the iMessage app to the target.
  • This phase is the one that delivers the full spyware payload.

Q.1. What is BLASTPAST?

Blastpast, previously known as BLASTPASS, is a zero-click exploit chain that allows spyware to be installed on a device without the owner’s consent.

Q.2. What is ransomware?

Ransomware is a type of malware that prevents users from accessing their computer files, systems, or networks, and then demands payment to return them. Ransomware attacks can cause costly disruptions to operations and the loss of critical information and data.

Source: Mercenary spyware: Apple says iPhone users in India and 91 other countries were likely victims of a spyware

Indian Express

The Week

Times of India

Latest UPSC Exam 2025 Updates

Last updated on June, 2025

UPSC Notification 2025 was released on 22nd January 2025.

UPSC Prelims Result 2025 is out now for the CSE held on 25 May 2025.

UPSC Prelims Question Paper 2025 and Unofficial Prelims Answer Key 2025  are available now.

UPSC Calendar 2026 is released on 15th May, 2025.

→ The UPSC Vacancy 2025 were released 1129, out of which 979 were for UPSC CSE and remaining 150 are for UPSC IFoS.

UPSC Mains 2025 will be conducted on 22nd August 2025.

UPSC Prelims 2026 will be conducted on 24th May, 2026 & UPSC Mains 2026 will be conducted on 21st August 2026.

→ The UPSC Selection Process is of 3 stages-Prelims, Mains and Interview.

UPSC Result 2024 is released with latest UPSC Marksheet 2024. Check Now!

UPSC Toppers List 2024 is released now. Shakti Dubey is UPSC AIR 1 2024 Topper.

→ Also check Best IAS Coaching in Delhi

Vajiram Editor
Vajiram Editor
Related Posts
PMGSY QR Code Tracking

PMGSY QR Code Tracking

Vajiram Editor | June 21, 2025
Iran NPT withdrawal

Iran NPT Withdrawal

Vajiram Editor | June 21, 2025
A Step Towards Legalising End-of-Life Choices

A Step Towards Legalising End-of-Life Choices

Vajiram Editor | June 21, 2025
Courses
UPSC GS Course 2026
UPSC GS Course 2026
₹1,75,000
Enroll Now
GS Foundation Course 2 Yrs
GS Foundation Course 2 Yrs
₹2,45,000
Enroll Now
UPSC Prelims Test Series
UPSC Prelims Test Series
₹6000
Enroll Now
UPSC Mains Test Series
UPSC Mains Test Series
₹16000
Enroll Now
UPSC Mentorship Program
UPSC Mentorship Program
₹85000
Enroll Now
Enquire Now