Emerging Threats

Apple alert: Hundreds of iPhone users targeted in a spyware attack

Ray Fernandez

May 7, 20255 min read

Apple alert: Hundreds of iPhone users targeted in a spyware attack: Header image

It’s no secret that high-level iPhone users, such as journalists, human rights activists, government opposition, and other groups, are targeted with spyware like Pegasus. From time to time, Apple sends out notifications to users around the world, warning that they are under spyware siege.

Apple doesn’t stop at security notifications. Lockdown Mode, for example, is a security feature developed specially to help protect these types of targeted users. However, since the first Pegasus scandal back in 2021, there is still no permanent solution to spyware on the horizon.

Recently, Apple (once again) issued notifications to users in 100 countries, informing them they were being targeted by spyware. Let’s dive in and see what we can find out. 

Apple warns users in 100 countries of spyware threat, again 

On April 30, TechCrunch reported on the new warning sent out by Apple to users around the world. One of the users who received this notification said the company sent the notification to users in 100 countries. 

According to the media, Apple warned victims to take the notification seriously and take immediate action. Italian journalist Ciro Pellegrino shared screenshots of the notification in a video he published on Fanpage

A screenshot of the video shared by an Italian journalist showing a spyware alert from Apple.
The Italian journalist shared on his Fanpage a video where he claimed to have received a spyware alert from Apple. Image: Screenshot, Moonlock.

Strangely enough, TechCrunch reported that in February this year, Pellegrino’s Fanpage colleague, Italian journalist Francesco Cancellato, was also targeted with spyware. 

Eva Vlaardingerbroek, a lawyer and commentator from the Netherlands, shared a video on X claiming she received the Apple notification. 

As far as we know, these are the only Apple users to have come forward saying that they have been targeted by spyware in this campaign. 

Media from other countries, including The Times of India, which always covers these Apple notifications in brief, also reported on the news. And in the United Kingdom, the Sun.co.uk (not usually known for cybersecurity investigations) ran a similar, shorter report. 

Spyware is a dime a dozen, and Pegasus is the tip of the iceberg

Apple calls this type of spyware risk “mercenary spyware attacks against your iPhone.” Everyone would agree that receiving a message of this sort on your personal phone is more than scary.

The Apple notifications also tend to imply that Pegasus, developed by the NSO Group from Israel, is the tool behind the cyberattack. In fact, new reports show that Pegasus-infected iPhones are more common than anyone would have previously expected. 

In February 2025, iVerify shared that their customers scanned 18,000 unique devices through iVerify, and 11 were infected with Pegasus. This finding is contradictory to what cybersecurity experts usually say about spyware — that it is advanced, state-of-the-art malware, and attacks are very rare. 

A screenshot of the report from iVerify on Pegasus malware.
iVerify claims that the rate of spyware like Pegasus on iPhones is much greater than believed. In a recent report, the company shared its results. Image: Screenshot, Moonlock.

Additionally, Pegasus, as a spyware, is not unique.

Determining how many companies work in the industry of digital surveillance is a tough nut to crack. Some reports, citing Google, claim that there are at least 40 commercial spyware vendors. This does not include the so-called “parental monitoring” spy tools available online, which are just as effective if a bad actor manages to get their hands on your iPhone. 

Other examples of spyware similar to Pegasus include Hermit, FinFisher, and Chrysaor, which are also designed for covert surveillance and data extraction from mobile devices.

The hard truth is that spyware is a dime a dozen, and the NSO Group from Israel is just one of a vast ecosystem and market of software developers that work in the legal business of surveillance technologies. These companies often operate in countries where laws permit their operations. The majority of these developers are based in Italy, Germany, and Israel

As stated above, Apple calls the crème de la crème in spyware “mercenary malware.” While human rights groups advocate for this technology not to be deployed against civilians, the customers of the companies that develop this malware include law enforcement, intelligence agencies, governments, the defense sector, and related industries.

Corporate espionage actors also use this type of technology within the private sector for intellectual property (IP) theft. 

A screenshot of a global map of the surveillance industry.
The Atlantic Council has an online interactive map with known spyware developers’ details on a global scale. Image: Screenshot, Moonlock.

The main takeaway: How anyone can make their iPhone more secure 

For now, let’s leave the spyware global market investigations to those who are responsible for such investigations. Considering that spyware is more common than was once thought, let’s look at some simple actions you can take to protect yourself and mitigate the threat today. 

If you take these actions, you will increase the security posture of your iPhone not only against spyware but also against information stealers, cryptojackers, and other common types of malware going after regular folks. 

To make your iPhone more secure: 

  1. Update your operating system and apps regularly to patch potential vulnerabilities.
  2. Activate built-in security features, such as biometrics and multi-factor authentication, to block unauthorized access.
  3. Be cautious with unknown links or app downloads, and install apps only from trusted sources. Neglecting to do so increases the risk of a spyware infection. 
  4. Use a reliable mobile security solution or VPN to add an extra layer of protection from malicious actors.
  5. Regularly review and adjust your privacy settings to limit data sharing with apps and online services.

Final thoughts 

Spyware can be a real nightmare, and if you work in high-value target organizations, even more so. However, there are still many issues related to spyware that need to be debated, investigated, and clearly communicated. Until that happens, we will continue to see news reports emerge from multiple media sources, informing the public about new mercenary spyware attacks.

This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. iPhone and iOS are trademarks of Apple Inc.

MoonLock Banner
Ray Fernandez Ray Fernandez
Ray has been covering tech and cybersecurity for over 15 years. His work has appeared on TechRepublic, VentureBeat, Forbes, Entrepreneur, and the Microsoft Blog, among others.