Sophisticated iOS hack
Hi. My iPhone started bugging me with a suspicious notification in the official Settings app. It says that I might lose access to my iCloud account unless I confirm my recovery code. I am advised to enter the full code in order to confirm it or, as an alternative, create a new one.
The whole thing looks pretty much like a phishing attempt to me, but if it is, that would be a very severe concern, as the hackers would have been able to inject their malicious code into Apple's proprietary Settings app despite the fact that I have always kept my iPhone up to date via automatic updates. I googled for the notification message and did not find any results matching this specific subject. I searched in both German (which is the system language on my iPhone) and English without success.
Yesterday I went to the local Apple store and the support staff could not ultimately confirm that the message is authentic. Although they could not find any reliable information regarding the matter themselves, they seemed pretty confident that nothing is wrong with it because it shows up in iOS internal components, which would be impossible to compromise due to the hardware and software security mechanisms. However, that did not fully convince me.
Today I came up with an idea: I changed my iPhone's system language in order to check if the notification message and the GUI components of the suspicious settings submenu would reflect the change, as Apple includes internationalization resources in all their user-related code. The surprising result is that neither switching over to French nor selecting English had any effect on the "recovery code confirmation" component. The affected device is an iPhone XS running iOS 17.1.2.
Can anyone here provide an explanation, please? I can post screenshots if needed.
Thanks for your attention,
Christian
iPhone XS