China suspected of being behind Apple's recent spyware warnings

Apple has been warning users of a spyware attack on iPhones

On April 11, 2024, Apple issued alerts to users in 92 countries, including India, about a "mercenary spyware attack" that it believes may have affected them. Apple gave no further details, other than to say that the attack was an attempt to "remotely compromise the iPhone."

According to a research and intelligence report on the Blackberry Blog, the attack is likely to have been made using "a sophisticated iOS implant," called LightSpy. The technology has reportedly not been seen since it was used in a 2020 campaign during political tensions in Hong Kong, but now appears to be back in a new form.

"LightSpy F_Warehouse," is a modular version of the spyware, which presents a range of espionage options. These include the ability to target personal documents and media on an iPhone, can steal files from apps such as WeChat and Telegram.

Blackberry says that LightSpy can also secretly record audio from an infected iPhone, including VOIP calls. At the same time, it can determine what the security blog describes as hyper-specific location data.

LightSpy appears to be being used at present to target iPhone users in India and Southern Asia.

"Evidence such as code comments and error messages strongly suggest the attackers behind LightSpy are native Chinese speakers," says the blog, "raising concerns about potential state-sponsored activity."

The full blog includes a description of how LightSpy works once it is in an iPhone, and how it avoids detection. As for how an iPhone is first infected, it's presumed that LightSpy uses a "watering-hole attack" method, which means it targets websites commonly used by the group being targeted.

BlackBerry advises that users who are potential targets because of their work or activism, should use Apple's Lockdown Mode.

Apple has not commented on the report.