Bloomberg is reporting that in July 2020, an Azerbaijani journalist was the victim of a zero-click attack, commonly used by governments to target political opponents.
The journalist's iPhone received a command to open the Apple Music app without the victim's knowledge or even touching the phone. The app then connected to a malicious server and downloaded spyware to the phone, listening in on calls and viewing text messages for nearly a year and a half.
Behind the attack is spyware manufacturer NSO Group, which sells technology to governments and law enforcement agencies, Bloomberg reported. Based in Israel, NSO Group claims its software is typically used for good—stopping terrorism and curbing violent crime.
But some governments have used Pegasus—the name of the spyware—for nefarious purposes, including attacking critics in more than a dozen countries.
[RELATED: Apple Sues 'Abusive State-Actor' NSO Group]
While Apple devices are the main target of these attacks that expose security vulnerabilities, NSO Group also has designed zero-click spyware aimed at Android phones. Typically, messaging services—iMessage for Apple, WhatsApp for Android—are the vehicle used to transfer malicious code onto devices.
Read the full Bloomberg article.