Apple warned the Polish prosecutor of a probable NSO spyware attack

As part of striking back at spyware company NSO, Apple warned a Polish prosecutor that her iPhone appears to have been compromised by Pegasus. This also gives us our first look at the text of Apple’s security alerts.

Although Poland has not admitted the purchase and use of spyware, there is significant evidence that it has …


As described in our NSO guide, the company manufactures Pegasus spyware, which has been used by several governments to gain illegal access to smartphones belonging to journalists, government opponents, human rights defenders, lawyers and more.

We learned earlier this week that Apple is suing NSO for attacking iOS users, and also that the company is monitoring iPhones for signs of being compromised by Pegasus and warning customers.

Apple warned the Polish prosecutor

ThinkApple reports that one of the reported is a Polish prosecutor named Ewa Wrzosek. She was likely targeted after initiating an investigation into a failed presidential election in which millions in Polish currency were spent on a postal vote that did not take place.

Ewa Wrzosek is a prosecutor, a member of the “Lex Super Omnia” Prosecutors’ Association. She revealed herself to the authorities on April 23, 2020, when she initiated an investigation into the so-called “Envelope Committee”. On the same day, however, the investigation was taken from her and discontinued, and a disciplinary case was initiated against Wrzoski. Since then, the prosecutor has repeatedly criticized the changes in the Polish judiciary after 2015.

Last night, Ewa Wrzosek announced on Twitter that she had received a message from Apple about a possible attack by government services on her iPhone using Pegasus.

In her tweet, she asked Minister of Justice for an explanation.

I just got a warning from @AppleSupport about a possible cyber attack on my phone from government services. With the indication that I can be targeted for what I do or who I am. I will take the warning seriously because it was preceded by other incidents. @ZiobroPL is it a coincidence?

Heather also shared most of the text in Apple’s warning.

WARNING: State-sponsored attackers may be targeting your iPhone. Apple believes you are being attacked by state-sponsored attackers who try to remotely compromise the iPhone associated with your Apple ID

These attackers are likely to target you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While this may be a false alarm, you should take this warning seriously.

State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Researchers and journalists have publicly documented such attacks on popular cloud services, including iMessage as well as Facebook Messenger, Gmail, Signal and WhatsApp.

Some state-sponsored attacks need no interaction from you, and others rely on tricking you into clicking a malicious link or opening an attachment in an email, text message, or other message. These attempts can be quite compelling, ranging from fake package tracking updates to custom-made, emotional appeals claiming a named family member is in danger. Be careful with all links you receive and do not open links or attachments from unexpected or unknown senders.

State-sponsored attackers are sophisticated and will likely try to attack you through other channels, devices, and accounts not affiliated with Apple. Experts can deliver [screengrab cuts off here]

FTC: We use revenue-earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:

Leave a Comment