I believe someone has installed repo, a Python snake program, in my iCloud account. What should I do?

I believe someone has installed Repo, a Python snake program, in my iCloud account. I’ve called my local Mac repair shop, but I’d rather do the repair if I can. How do I get rid of it?

iPhone SE, iOS 14

Posted on Oct 26, 2020 3:56 PM

Question marked as Top-ranking reply

Posted on Oct 26, 2020 5:13 PM

The only Python scripts that can access your iCloud account still require the user to know your iCloud AppleID and password. So if you’ve changed your password and enabled 2 factor authentication, nobody can run anything like pyicloud or any other Python script, nor any other script in any coding language. Nothing can access your data as long as your AppleID is not compromised.


If your AppleID is compromised, then whoever has it can log in just as you do and access everything. They don’t even need a script, they can just install your backup to their device.


Note that you cannot install and execute anything in iCloud. It does not allow user-based code to run. So there is nothing to scrub in iCloud. iCloud passively allows read and write data. It does not allow the upload of code and its execution on Apple’s servers. The public Python tools for interfacing with iCloud all run on a computer somewhere and are used to query calendars or other data for legitimate use (which doesn’t mean they cannot be abused by people who have access to other people’s AppleID).


Oct 26, 2020 7:40 PM in response to melissafromdobson

If you think this person acquired your AppleID password and used it to exploit your data and devices then the first thing you need to do is change your AppleID used with iCloud’s password, and enable 2FA.


See -> If you think your Apple ID has been compromised - Apple Support


But, if you further believe they’ve used that compromised AppleID to hack your device then the only thing you can do is restore the device as new in iTunes or Finder, or erase all content and settings on the device itself. Then, set it up manually as a new device. Do not trust any iCloud backup, nor any iTunes backup you may have made since the time you believe you’ve been compromised. Set up the device as a new device. Sign into your now secured iCloud account with your AppleID but do NOT restore from a backup. You can reinstall apps from your purchase history. Your sync’d iCloud data (contacts, notes, messages, photos) should sync as they cannot be used to infect your device with malicious code.


All of the exploits I’ve mentioned require someone knowing and having login access to your AppleID. So first and foremost you must secure your AppleID to lock them out of it. The malicious code on any devices can only get there from a restored compromised iCloud backup made by whoever knew your AppleID. Once you’ve secured your AppleID, just be sure to NOT use any backup when erasing and setting up your devices anew, and then delete any and all existing iCloud or iTunes backups and start those again with new backups.

Oct 26, 2020 5:53 PM in response to melissafromdobson

There are definitely tools that can be used to exploit people’s iCloud data, but they cannot be installed and run in the iCloud system itself. That’s a basic security concept of all user cloud based data storage only systems. They do not allow the execution of any code within the user’s storage silo.


And all of the known or identified exploits still require having legitimate login access to the accounts being exploited. So your AppleID has to be compromised for any computer running any of that sort of software to actually get in and steal your data.


So for example, there are keyboard loggers that can be used by someone to record your keystrokes. The way your devices get infected is someone gains access to your AppleID. They use your AppleID and password to restore one of their devices using your iCloud backup file. They then add their malicious code to their device, and make an updated backup, again though using your AppleID and your iCloud. The hacker then does something like a remote erase of your device, or less drastically, maybe deletes a bunch of messages or files you had in iCloud Drive. That will hopefully make you then restore your device from your iCloud backup, thus installing their hack onto your device (their code cannot run in iCloud itself, but it can run in iOS just fine once you’ve restored with the hacked backup).


But it all comes down to the hacker first acquiring, somehow, the ability to use your AppleID to login to your iCloud account as you. It is also one of the reasons Apple is being so forceful with 2 factor authentication - to add that extra layer of security to your AppleID beyond just a password.

Oct 26, 2020 4:16 PM in response to zinacef

Thanks for your advice. From everything I’ve read up on today, REPO is kind of like a TROJAN worm, but for MAC products that’s executed from Android phones into the User’s iCloud directly. What I read online called it a “PYTHON snake,” moving anonymously throughout your iCloud. I’d never even have noticed it, except that there were some pages open on my phone that I knew I didn’t open, along with a few other suspicious things that all added up to what I think is a complete hack.

So now that I have it, I don’t know how to scrub it from the Cloud... that’s a different situation than restoring the factory settings on my computer.

Oct 26, 2020 6:01 PM in response to Michael Black

That’s just exactly what I believe he’s done. He always sends me files that I’m wary of downloading, because I am distrustful of this person to begin with. Then, last Saturday, I finally accepted him as a Friend on my Facebook account. I woke up on Saturday to the opened up web pages, and I knew something was up. He’s messed with messages and files.

I’m not sure what to do at this point, other than to leave everything where it is or to delete it from the Cloud.
