In a statement on Tuesday, Apple said that the NSO Group had created “state-sponsored surveillance technology”.
The powerful software has the ability to infect devices so hackers can extract messages, photos and emails, record calls and secretly activate microphones and cameras.
And while it is thought that only a “very small number of users” have been affected, the firm has still published a guide online about how to spot if something is amiss.
Apple said that, if it discovers activity consistent with a “state-sponsored” attack, it will notify the targeted users in two ways.
“Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers,” the company said.
The company explained that a threat notification will be displayed at the top of the page after the user signs into appleid.apple.com.
Apple then sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
“These notifications provide additional steps that notified users can take to help protect their devices,” the firm said.
A statement continued: “State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. “Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.
“It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.”
As mentioned, targets of the Pegasus hack are thought to be very targeted individuals. According to Reuters, Apple issued alert messages on Wednesday to at least six activists and researchers who have been critical of Thailand’s government.
Prajak Kongkirati, a political scientist at Bangkok’s Thammasat University, said he had received two emails from Apple warning it believed his iPhone and iCloud accounts had been targeted, along with a “threat notification” on his Apple account. Researcher Sarinee Achananuntakul and Thai activist Yingcheep Atchanont of Legal Monitoring group iLaw said they had received similar emails, while a rapper, a political activist, and a politician opposed to the government separately posted screenshots of the same email on their social media accounts.
Two political activists in Ghana, an opposition politician in Uganda, as well as a dozen journalists from Salvadoran media reported later on Wednesday having received similar warning messages from Apple, according to social media posts reviewed by Reuters. It was not immediately clear in Apple’s alerts on Wednesday whether the company believed Thais were being targeted by Pegasus.