In December of last year, hundreds of iPhone and Android users received warning notifications indicating that their devices had been targeted by spyware. Days later, both Apple and Google released updates to close security vulnerabilities that experts believe were used to implant this hidden software on a limited number of devices.
The danger of spyware lies in its ability to allow the attacking party to see everything you do on your phone and hear everything around you, including through encrypted messaging applications such as WhatsApp and Signal. This type of attack is often precisely targeted at political opponents, journalists, politicians, and business leaders in specific sectors.
These tools have affected well-known figures, including former Amazon chief executive Jeff Bezos and Hanan Elatr, the wife of the slain Saudi dissident Jamal Khashoggi. Both were reportedly compromised using the Pegasus spyware developed by the NSO Group.
Today, spyware remains prevalent within these circles, but experts believe its reach may expand. In early December, coinciding with Google issuing a threat notification, company researchers published details about a series of intrusions used to secretly install the Israeli Predator spyware on certain devices.
This followed a warning from the US Cybersecurity and Infrastructure Security Agency, which alerted users that hostile actors are actively exploiting commercial spyware to target messaging applications on mobile phones.
With growing risks, what can be done to protect an iPhone or Android device?
Zero-Click Attacks
Spyware often infects smartphones through what are known as zero-click attacks, meaning the phone can be compromised without clicking a link, downloading a malicious image, or any user interaction.
These attacks cannot be mitigated through traditional means. Once a phone is infected, attackers can read messages, monitor keystrokes, take screenshots, track notifications, and access banking applications, according to Pieter Arntz, senior malware researcher at Malwarebytes.
With full system access, spyware can exfiltrate data such as emails and texts, send messages, steal credentials, and access cloud systems, according to Rocky Cole, co-founder of the spyware detection application iVerify.
Beyond zero-click attacks, a device may be infected by clicking a compromised link via text message, email, or social media. Malicious software can also hide within applications that appear legitimate, within image files sent through messages, or as a result of browser vulnerabilities.
Richard LaTulip, field chief information security officer at Recorded Future, says infections typically begin through malicious links and fake applications, but are increasingly occurring through more covert methods.
He points to recent research on malicious browser extensions that infected millions of users, noting that it shows how tools that appear harmless can turn into surveillance devices.
These methods, often developed by state-linked actors, reflect a trend toward more secretive, persistent intrusions at the device level itself.
A Growing Problem
Over recent years, spyware has become an expanding issue. Governments and manufacturers assert that these tools are used only against criminals and terrorists or for national security purposes.
The reality is different, according to Rebecca White, a researcher at Amnesty International specialising in targeted surveillance. She says that human rights activists, journalists, and many others around the world have been unlawfully targeted with spyware. She adds that these tools are used as instruments of repression to silence those who speak truth to power.
White explains that data can be weaponised, leading to further violations, especially against individuals who already face discrimination based on identity, such as gender or race.
Targeting is not limited to activists. Mobile spyware now appears to affect a broader segment, particularly in work environments, from government officials to information technology staff in the financial sector, often to steal login credentials for corporate systems.
Signs Your Device May Be Compromised
Spyware is difficult to detect, especially advanced types such as Pegasus and Predator, which are usually identified only through specialised forensic analysis. Still, subtle signs may appear, such as the device overheating, slowing down, or the camera or microphone activating without an obvious reason.
Sudden drops in performance or changes in connectivity may also serve as early indicators. Receiving an official threat notification from Apple, Meta, or Google is a clear sign that must be taken seriously.
Other indicators include the leakage of private information you never shared, or friends and colleagues being compromised.
How to Prevent and Mitigate Spyware
The best way to reduce risk is to prevent attackers from taking control of your device in the first place. If you feel you are at risk, Apple offers Lockdown Mode, which provides enhanced security while limiting certain functions, such as blocking most message attachments and incoming FaceTime calls.
This mode can be activated through Settings, then Privacy and Security, then Lockdown Mode.
Apple states that there has never been a successful large-scale malware attack on iPhone devices, and that the only real-world operating system-level attacks on iOS have involved highly sophisticated mercenary spyware.
The company has also developed new mechanisms to counter these threats, including Memory Integrity Enforcement, a persistent protection that helps prevent exploitation of memory vulnerabilities commonly used in spyware attack chains.
For Android users, Google provides Advanced Protection, which has been strengthened in Android 16 with features such as logging intrusion attempts, USB protection, and disabling automatic reconnection to unsecured networks.
Alongside these features, experts advise avoiding clicking links from unknown sources, monitoring any changes in device performance, using a trusted VPN, and scrutinising follow requests on social media.
It is also recommended to strictly control installed applications, avoid sideloading on Android, and keep the operating system and applications updated, as updates close vulnerabilities relied upon by spyware.
Experts note that restarting the phone may temporarily disrupt spyware activity, but the most effective solution in the case of confirmed compromise is to abandon the device entirely.