"The phishing campaign included persistent attacks via iMessage/Apple Messenger and WhatsApp app, [...] impersonating Apple Support," SMEX, a digital rights non-profit in the West Asia and North Africa (WANA) region, said. "While the main focus of this campaign appears to be Apple services, evidence suggests that other messaging platforms, namely Telegram and Signal, were also targeted." "If the targeted user is not logged in to Google, they are prompted to enter their credentials (username and password). "While ProSpy exfiltrates data to server endpoints starting with 'v3,' Dracarys exfiltrates data to server endpoints starting with 'r3.'" These connections notwithstanding, what makes the campaign unusual is that Bitter has never been attributed to espionage campaigns targeting civil society members.

Source: The North Africa Journal April 09, 2026 16:43 UTC