iPhone Malware 101: Common Forms, How to Detect and Remove It

iPhone malware tends to be rarer overall than the malware strains targeting Android-based smartphones. That’s because iPhones are more expensive and thus benefit from better protection, updates and support from Apple, the company that makes them.


But although not so common, iPhone malware is not unheard of. Furthermore, the strains of malware that do manage to infect iPhones are all the more dangerous, precisely because they managed to get past Apple’s defenses. Since iPhones are more expensive, they also belong, on average, to wealthier users, which makes them better targets for hacking.


In this guide, we’ll explore the dangers of iPhone malware, how it works, and how to detect and remove it. We’ll also address the issue of connecting an infected iPhone to a business network, since we noticed this is a concern many of our business partners share.


How Come iPhones Can Get Viruses?


Technically, Apple’s promise and guarantee to iPhone users is that the chance of contracting malware on their smartphones is zero. The much advertised ‘walled garden’ environment of iPhones is built to stop any malware from gaining a foothold in the protected iOS environment.


Apple representatives insist that for average consumers (non-business users), there is almost no risk of ever getting iPhone malware on their phones. The very closed approach of the Apple security environment requires all apps and software to be vetted through the App Store before users can install them on an iPhone.


Furthermore, with the Apple OS there’s almost none of the fragmentation encountered in the Android OS, which proves to be fertile ground for phone malware. Since there are a lot of different versions of Android OS in the wild, hackers can exploit this lack of homogeneity to their advantage in order to push some malicious code through the cracks. Theoretically, this couldn’t happen with the Apple OS, since Apple took much greater care to avoid fragmentation.


However, as optimistic as Apple representatives are, this doesn’t actually guarantee that no malware can ever get through. We as pentesters know that better than anyone – there’s no such thing as an impenetrable fortress. In truth, the tightened Apple security works to reduce the number of possible viruses that can get through. If there are fewer strains of iPhone malware that can get into the phones, then the probability of infection is also greatly reduced compared to Android phones, for example.


But this doesn’t completely eliminate the possibility of getting iPhone malware on your device. Furthermore, those strains of malware that can still manage to get in are bound to be of the more dangerous variety, since they can bypass the famed ‘walled garden’ security environment.


Known Forms of iPhone Malware and Security Incidents


Confirmed strains of iPhone malware in the wild are indeed more dangerous than your average Android virus. But the financial effort required to sustain the development of effective iPhone malware is so great that only very high-profile players can afford it. Most likely, it’s nation state actors who sponsor the development of iPhone viruses and malware, for the purposes of intelligence gathering.


Given how expensive such malware is, the people who should be most wary of getting their iPhones infected are journalists, activists and politicians who could be targeted by the governments of other countries. For example, the recent WhatsApp virus, which infected phones with just a single call, was able to penetrate the defenses of iPhones. Journalists were the most targeted victims of this hack, regardless of whether they had iPhones or Android phones.


In this case, the hackers (who seemed to have been sponsored by the Israeli state) exploited a vulnerability in the WhatsApp code in order to bypass the iPhone security. Since WhatsApp is a well-known app, already vetted by the App Store, nothing stopped it from gaining access to iPhones as long as its compromise stayed secret.


Other noteworthy iPhone malware strains that are still active in the wild include the following:


#1. Lock Saver Free (2015)


This iPhone malware was essentially an adware tweak meant to redirect ad revenue from its rightful owner to a locker presumably owned by the authors of the malware. While it wasn’t particularly upsetting or disruptive for average iPhone users (apart from a few issues with slowing down their phones), it proved that the iPhone is not unhackable, even in the age of Apple’s tightened security.


#2. KeyRaider (2015)


Users who had jailbroken their iPhones got a nasty surprise when they discovered the KeyRaider malware stealing their accounts in 2015. Exploiting a vulnerability found only on jailbroken iPhones, this malicious app worked by intercepting iTunes traffic. It was then able to steal Apple account names, passwords and user IDs, as well as the GUIDs of devices – everything a hacker needs in order to wreak havoc on personal data and finances.


The scariest part? The malware is still active today, so never ever jailbreak your iPhone. According to researchers, KeyRaider has stolen over 225,000 account credentials from iPhone users so far.


#3. XcodeGhost (2015)


This piece of malware targeted Chinese iPhone users, who often download and then redistribute copies of apps among themselves in order to save time. This is done to cope with the slow download speeds in China, but the hackers found in this habit a weakness to be exploited.


#4. YiSpecter (2015)


YiSpecter is one of the most worrying strains of iPhone malware, targeting apps signed with enterprise certificates. It is able to use private APIs in order to break into all iPhones, regardless of whether they have been jailbroken or not. Once it gains entry into your iPhone, it behaves most aggressively: it replaces your normal apps with fake copies that it downloads, makes every app display ads and steals your information.


#5. Muda (2015)


A rather harmless adware targeting Chinese users, especially those with jailbroken phones, the Muda iPhone malware can quickly become very overwhelming, even if all it does is display ads. The pop-ups get so bad that at some point users find it impossible to keep using their phones. The malware has been nicknamed AdLord, and for good reason.


#6. AceDeceiver (2015)


This iPhone malware exploits a vulnerability built into Apple’s DRM mechanism and then gets into non-jailbroken devices via a desktop app that downloads malicious content from the App Store. Yes, in spite of Apple’s best precautions, there is content corrupted with malware even in its own App Store, the place where it insists users should download from exclusively.


#7. Safari JavaScript Pop-up Scareware (2015)


Fixed only in 2017, nearly two years after it initially surfaced, this iPhone malware was in fact a Safari exploit based on JavaScript. It made the Safari browser on the infected phones display scareware messages meant to frighten the user into installing other apps or paying a ransom, either to recover supposedly lost data or to regain access to the browser.


Apple managed to solve the issue by changing the way Safari opened pop-up dialog boxes. This neutralized the attack vector of the iOS malware, but it gave users quite a scare until it was contained.


#8. Golduck (2019)


Although some security researchers suspected that the Golduck malware had existed in the wild for over a year, it was only in January 2019 that this strain of malware was revealed to be connected to a dozen different iPhone apps. This means that the virus was able to bypass the ‘walled garden’ protection of the App Store vetting process and infect any iPhone it chose to.


The only consolation in this rather upsetting news is that the Golduck malware was found in 14 gaming apps. It seems that as long as you don’t install games on your iPhone, you will be safe from it, for now.


You should also note that the list of iPhone malware presented above only includes malware that targets consumers and the general public. The iPhone threats devised by state actors to spy on persons of interest were left aside, precisely because they require more resources and are not something that could easily spread and affect any individual or business through contagion alone.


Detecting iPhone Malware and Removing It


Even if the risk of getting infected with iPhone malware is low, that doesn’t mean it can’t happen, as we keep saying. Here are a few warning signs that are most likely symptoms of a malware infection on your iPhone:


    • The Safari browser keeps redirecting to pages you did not request;
    • You notice emails being sent from your account without permission, or your friends complain about such incidents even though you see nothing unusual in your Sent folder;
    • You notice text messages being sent from your iPhone without permission, or your friends ask you about them in a similar way;
    • The App Store opens on its own even though you didn’t plan to browse it;
    • Settings have changed that you distinctly remember not opting for;
    • Frequent app crashes.


Take all these with a grain of salt though – the last two items on the list in particular can also be signs of a bug or an update gone wrong, not just of an iPhone virus.


To make sure you’re not infected, this is what you need to do to solve the problem and remove iPhone malware, in this order:


    • Uninstall the app that is causing trouble. Press and hold its icon and select uninstall, or do it directly from the App Store;
    • Clear the Safari browser cache – it’s amazing how many issues can be solved simply by clearing the cache on iPhones!
    • Restart your iPhone – this can also help tremendously with any performance issues or unexplained ways in which the phone is acting up;
    • Restore the iPhone to an earlier version – if the previous three steps don’t get rid of the weird symptoms, it’s a sign that you are very likely dealing with an iPhone malware infection. Restoring the iPhone to an earlier version could help get rid of it. Bear in mind that you will also lose all data added to the phone since the version you are now restoring, so don’t go for this unless it’s a last resort;
    • After restoring the iPhone, install the latest version of anti-malware software that is compatible with iPhones and also contact Apple support. Refrain from connecting to your Wi-Fi until you are sure that the iPhone is now malware-free. Otherwise, you could potentially give the virus an opportunity to create backups or infect other devices as well;
    • If restoring the iPhone to an earlier version doesn’t work either, go for a more extreme reset: restore factory settings. This will give you a phone in the very state it was in when you bought it, deleting all the data you have accumulated on it since. Again, only do this if you’re sure there’s no other way.


To prevent getting an iPhone malware infection, these are the proactive measures you should take:


    • Never postpone any update – we explained that unpatched software and operating systems are a major vulnerability for malware to get through;
    • Never jailbreak your phone, as this weakens its security in the long run;
    • Up to now, we would have advised installing only recommended apps from the App Store. But since Apple itself is opening its gates (see more on this below), you can’t realistically maintain such isolation. What you should do instead is make sure that the apps you want to install are trustworthy. Read lots of reviews from reputable sources before you make up your mind. Get a second opinion from professionals if you’re not sure;
    • Extra tip: be mindful of the permissions that an app is requesting. If it’s a simple flashlight app and it requires permission to access your microphone during installation, something is obviously not right. Halt the installation, delete the files and choose another app.
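One way to make the permissions check from the last tip concrete, added here as an example that is not part of the original article: on iOS an app can only prompt for a protected resource (microphone, contacts, camera, location) if its Info.plist carries the matching NS*UsageDescription key, so those keys show what an app could ever ask for. The script below reads a constructed Info.plist of a hypothetical flashlight app and flags the resources that such an app has no plausible need for; the baseline of what a flashlight app may reasonably declare is an assumption.

```python
"""Audit the privacy permission declarations in an iOS app's Info.plist.

Hypothetical helper written for this article, not taken from it. Since
iOS 10 an app must carry an NS*UsageDescription key in its Info.plist for
every protected resource it may later prompt the user for; without the key
the prompt is never shown. The plist is therefore a cheap place to check
what an app could ask for before it is installed."""
import plistlib

# Usage-description keys that gate a protected resource (real iOS keys).
PRIVACY_KEYS = {
    "NSMicrophoneUsageDescription": "microphone",
    "NSCameraUsageDescription": "camera",
    "NSContactsUsageDescription": "contacts",
    "NSLocationWhenInUseUsageDescription": "location",
    "NSPhotoLibraryUsageDescription": "photo library",
    "NSCalendarsUsageDescription": "calendars",
}


def declared_permissions(info_plist: bytes) -> set:
    """Resources the app is able to prompt for, according to its plist."""
    info = plistlib.loads(info_plist)
    return {res for key, res in PRIVACY_KEYS.items() if key in info}


def unexpected_permissions(info_plist: bytes, expected: set) -> list:
    """Declared resources that the app category has no plausible need for.
    An empty list means nothing stands out."""
    return sorted(declared_permissions(info_plist) - expected)


# Constructed Info.plist of a hypothetical flashlight app (not a real bundle).
FLASHLIGHT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.flashlight</string>
  <key>NSCameraUsageDescription</key><string>Needed to control the torch</string>
  <key>NSMicrophoneUsageDescription</key><string>Needed for voice control</string>
  <key>NSContactsUsageDescription</key><string>Share the app with friends</string>
</dict></plist>"""

# Assumption: the camera key is tolerated for a torch app (the LED sits on the
# camera module); anything else is out of place for this kind of app.
FLASHLIGHT_EXPECTED = {"camera"}

if __name__ == "__main__":
    for res in unexpected_permissions(FLASHLIGHT_PLIST, FLASHLIGHT_EXPECTED):
        print(f"unexpected: the app can prompt for {res} access")
```

To run it against a real app, unzip the .ipa and point the function at the bytes of Payload/<App>.app/Info.plist; binary plists are handled by plistlib as well.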


Wrapping it up


In a very recent ruling, it seems that iPhones will need to open up their environment to other app stores as well, in order to avoid accusations of monopoly. What this means for iPhone users is that the risk of getting infected with iPhone malware is only bound to get higher from now on. Anyone who uses their iPhone to handle sensitive data should be wary.


Business iPhone users in particular need to pay extra attention to their network security if employees are bringing iPhones into the workplace and connecting them to the business Wi-Fi.


Amar Basic

