Apple has once again triggered a global warning—this time notifying users in 150 countries that their iPhones may be the target of a sophisticated spyware attack. The alert, first reported by Reuters, didn’t reveal how many people were contacted or how many devices may have been compromised, but the scope alone puts this among Apple’s widest warning campaigns to date.

If the message feels familiar, it’s because it is. Apple sent an almost identical notification earlier this year, and the company issued several similar alerts throughout 2024. That consistency paints a clear picture: highly targeted spyware activity is not slowing down, and Apple is playing continuous defense to keep high-risk users informed.

What this kind of spyware actually does

When we talk about “spyware,” it can sound abstract—almost like something out of a movie script. But the function is painfully real: this software is designed to gain remote, silent, and persistent access to a smartphone. Once installed, it can expose the full contents of your digital life:

• Messages
• Encrypted chats (yes, even WhatsApp and Signal)
• Call logs
• Microphone and camera access
• Location data
• Files and browsing history

In short, spyware operators can observe a victim’s device as if they were holding it in their hands—except the victim has no idea it’s happening.

These attacks almost never target everyday users. Instead, they are usually aimed at individuals with strategic value: politicians, diplomats, activists, business leaders, and journalists. Their communications often carry geopolitical weight or sensitive intelligence, making them attractive targets for governments or commercial surveillance firms.

Why Apple’s warning matters right now

Apple’s security alerts are rare. When they do appear, they’re triggered by what the company calls “state-sponsored” or “mercenary spyware attacks.” These are not phishing scams or basic malware infections—they involve multi-million-euro spyware frameworks capable of exploiting previously unknown iOS vulnerabilities.

Apple’s language in these notices typically avoids naming the perpetrators, but the timing is noteworthy: the same week Apple issued its new wave of alerts, Google also published an urgent advisory about similar spyware activity affecting Android devices.

Google’s warning and the Intellexa problem

Google’s alert centered on infections by Predator, a spyware tool developed by Intellexa, a company already sanctioned by the United States for selling surveillance technologies. Despite sanctions, Intellexa has continued to operate globally.

In its security bulletin, Google wrote that Intellexa has “adapted, circumvented restrictions, and continues to sell digital weapons to the highest bidders.” Its researchers discovered several hundred compromised Android accounts across Pakistan, Kazakhstan, Angola, Egypt, Uzbekistan, Saudi Arabia, and Tajikistan.

Predator is part of the same class of commercial spyware as NSO Group’s Pegasus—highly advanced, extremely expensive, and typically sold to governments. This places the Apple and Google alerts in the same narrative: spyware vendors have evolved into global mercenary operations, often exceeding the capabilities of national intelligence services.

How to tell if something is wrong with your phone

Most people will never receive an Apple or Google threat notification. But if you belong to a sensitive industry—media, law, political work, human rights, defense—these risks are not theoretical.

Even though advanced spyware hides well, there are certain visible red flags:

• Overheating without heavy usage
• Rapid battery drain
• New apps you didn’t install
• Sudden device slowdowns
• Microphone or camera activating when not in use
• Unusual network activity

There are also free online scanning tools that can flag known spyware signatures. However, these tools can only detect what they recognize—and the most dangerous spyware exploits zero-day vulnerabilities, meaning flaws manufacturers themselves haven’t discovered yet.

That’s why the single most effective protection method remains simple: always update your device. Both Apple and Google patch dozens of vulnerabilities each year, many of them silently shielding users from high-end surveillance tools.

How Apple’s response compares to the industry—and what comes next

Apple’s alert system is still considered one of the most proactive in the market. While the company doesn’t disclose technical details to avoid tipping off attackers, its willingness to notify at-risk users stands out. Google, meanwhile, takes a more forensic approach—publicly documenting threat actors, vulnerabilities, and attribution when possible. Microsoft’s Threat Intelligence division also plays a significant role globally, often tracking nation-state spyware campaigns tied to Russia, China, Iran, or North Korea.

Across all three platforms, a clear trend is emerging: spyware is no longer a niche threat affecting a handful of nations—it’s a growing commercial industry with global reach. Tools like Predator and Pegasus have reset expectations about what surveillance technology can do, and both Big Tech and governments are being forced into a new defensive posture. Even the EU and US have begun drafting stricter export controls, sanctions, and transparency rules to curb spyware proliferation.

Reliable sources such as Reuters, Google Threat Analysis Group reports, Apple’s official support page, and Citizen Lab’s research all point in the same direction: the combination of zero-day vulnerabilities and commercial spyware is one of the most pressing cybersecurity issues of this decade.

The bottom line for users—especially those working in sensitive environments—is that mobile security is no longer passive. Updating your phone, monitoring for unusual behavior, and staying informed are now essential habits. And as Apple, Google, and regulators tighten their responses, we can expect more frequent, more coordinated alerts as the tech industry races to stay ahead of an increasingly sophisticated spyware market.