Apple alerted Polish prosecutor to likely NSO spyware attack

Posted on |

As part of hitting back at spyware company NSO, Apple alerted a Polish prosecutor that her iPhone appears to have been compromised by Pegasus. This also gives us our first look at the text of Apple’s security alerts.

Although Poland has not admitted purchasing and using the spyware, there is significant evidence that it has done so …


As outlined in our NSO guide, the company makes Pegasus spyware, which has been used by multiple governments to gain illicit access to smartphones belonging to journalists, government opponents, human rights campaigners, lawyers, and more.

We learned earlier this week that Apple is suing NSO for attacking iOS users, and also that the company is monitoring iPhones for signs of being compromised by Pegasus, and alerting customers.

Apple alerted Polish prosecutor

ThinkApple reports that one of those notified is a Polish prosecutor named Ewa Wrzosek. She was likely targeted after initiating an investigation into a failed presidential election in which millions in Polish currency was spent on a postal vote that did not take place.

Ewa Wrzosek is a prosecutor, a member of the Association of Prosecutors “Lex Super Omnia”. She exposed herself to the authorities on April 23, 2020, when she initiated an investigation into the so-called “Envelope elections”. On the same day, however, the investigation was taken from her and discontinued, and disciplinary proceedings were initiated against Wrzoski. Since then, the prosecutor has repeatedly criticized the changes in the Polish judiciary after 2015.

Yesterday evening, Ewa Wrzosek announced on Twitter that she had received a notification from Apple about a possible attack by state services on her iPhone using Pegasus.

In her tweet, she asked the Minister of Justice for an explanation.

I just got an alert from @AppleSupport about a possible cyber attack on my phone by state services. With the indication that I may be targeted for what I am doing or who I am. I will take the warning seriously because it was preceded by other incidents. @ZiobroPL is it a coincidence?

This also provided our first look at (most of) the text Apple uses for the alerts:

ALERT: State-sponsored attackers may be targeting your iPhone. Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID <redacted>

These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously.

State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Researchers and journalists have publicly documented such attacks against popular cloud services, including iMessage as well as Facebook Messenger, Gmail, Signal, and WhatsApp.

Some state sponsored attacks need no interaction from you, and others rely on tricking you into clicking a malicious link or opening an attachment in an email, SMS, or other message. These attempts can be quite convincing, ranging from fake package tracking updates to custom crafted, emotional appeals claiming a named family member is in danger. Be cautious with all links you receive, and don’t open any links or attachments from unexpected or unknown senders.

State-sponsored attackers are sophisticated and will likely try to attack you through other channels, devices, and accounts not associated with Apple. Experts can provide the [screengrab cuts off here]

FTC: We use income earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Leave a Reply

Your email address will not be published. Required fields are marked *