Malware via mail - on an iPad

Very un-tech savvy elderly neighbour received an email (she's got a Yahoo address) apparently from a friend - fairly typical spoof 'you didn't reply to my last email' message that may or may not have had a link in it - she can't remember. She says she didn't do any more than open the email and read it on a library computer, then deleted it. She got home and checked her iPad mail and found that she had emails from a few (3 or 4) friends in her address book telling her she'd sent the similar message to them. So looks like some malware somewhere.


She only reads email on the library computer (so I assume through a web browser) and on her iPad. I've said I'll call later to take a look - just thought I'd ask if a) there is any app for iPad that I could install that gives her protection against malware (she'll worry about this till the cows come home) and b) if any malware sent via an email could be a problem for the library computer?

I don't imagine the latter is a problem as I would assume that the library machines have robust AV protection installed. But I don't know how these kinds of malware work. I also don't imagine that the iPad will be infected, but on the other hand she does appear to have somehow triggered the onward transmission of a similar message. Though one friend tells her that her email appears to be a hotmail one, which is not correct.


What should I be checking for her, please? Both in her mail client with Yahoo and her iPad - she's told the library who didn't seem too concerned but said they'd check their machine. Any ideas or whatever, appreciated!


Greg

Posted on Jan 7, 2022 6:14 AM

2 replies

Jan 7, 2022 6:53 AM in response to GregTanner

As described, setting aside the initial spoof email that perhaps started the chain of events, the source of later emails purporting to originate from your friend’s email account is very unlikely to originate from the iPad. I’ll explain more in a moment.


It is possible that your friend’s email address book has somehow been harvested from a PC or other computer - or perhaps your friend’s email address has been harvested from someone else’s address book. The manner in which this has occurred can only be surmised without more detailed analysis of emails sent and received - but it is perhaps likely to be some form of malware running on the victim’s computer that has extracted various email addresses.


A common mechanism to get malicious email to a victim (in this case, your friend’s friends, who have seemingly received email from your friend) is to send email with a spoofed sender’s address (your friend) to the intended victim (your friend’s friends). They will perhaps open these email messages because they come from a “trusted” source; malware that may be included in the email then has opportunity to attack the victim’s computer.


Returning to the iPad…


Due to the system architecture of iOS/iPadOS, unless jailbroken, an iPad is not susceptible to traditional malware infection per se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.


While an iOS/iPadOS device is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere still has the capacity to infect other computer systems with malware.


There are no bona-fide anti-malware products for iOS/iPadOS. Again, due to the “sandbox” system architecture, products of this type are ineffective - as anti-malware products cannot “scan” any memory outside of their own protected area of memory (their own sandbox).


A useful degree of protection can however be added to iPad/iPhone. Methods to mitigate against exposure to malware and other threats are limited - the most effective being (a) use of a good Content/Ad-blocking product - and (b) in using a security-focussed DNS service in preference to automatic settings. Combined, a significant proportion of malicious content can be stopped before reaching the iPad - but this alone cannot prevent email addressed to a recipient from reaching their inbox; email requires vigilance in identifying potentially “bad” email.


One of the very best and most respected Content Blocker Apps within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently. 


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. A further benefit on metered services, such as cellular connections where your data may be capped or chargeable, is that this not only improves speed but also saves you money.


1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps.


For security focussed DNS, I strongly recommend using one of the following services - for which IPv4 and IPv6 server addresses are listed:


Quad9 (highly recommended)

9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9


OpenDNS

208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC

1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001


Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or another Content Blocker, provides defense in depth.


There are advanced techniques to further “harden” iOS/iPadOS (such as DoH, DoT and DNSSEC), but these are perhaps beyond the immediate skills of novice users.


I hope this information and insight proves to be helpful. 
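The spoofed-sender mechanism described in the answer above usually shows in a message's headers. The following is an added example, not part of the original thread: it checks one message for a familiar display name on an unfamiliar address, a Reply-To pointing elsewhere, and a failed DMARC verdict. The address book, names, `.example` domains, sample messages and the function name `spoof_indicators` are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed address book and messages (hypothetical names, reserved .example domains).
ADDRESS_BOOK = {"Known Contact": "contact@yahoo.example"}

SPOOFED = """\
Authentication-Results: mx.recipient.example; spf=pass; dkim=none; dmarc=fail
From: "Known Contact" <contact@hotmail.example>
Reply-To: <collect@other.example>
To: friend@recipient.example
Subject: you didn't reply to my last email

(body omitted)
"""

GENUINE = """\
Authentication-Results: mx.recipient.example; spf=pass; dkim=pass; dmarc=pass
From: "Known Contact" <contact@yahoo.example>
To: friend@recipient.example
Subject: lunch on Friday?

(body omitted)
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw, address_book):
    """Return a list of reasons to distrust the claimed sender of one message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    findings = []
    # A familiar display name on an address the contact does not use.
    known = address_book.get(name)
    if known and known.lower() != from_addr.lower():
        findings.append("display-name-mismatch")
    # Replies would go somewhere other than the claimed sender's domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and domain(reply_to) != domain(from_addr):
        findings.append("reply-to-differs")
    # Verdicts recorded by the receiving server; trust only the header it added.
    auth = msg.get("Authentication-Results", "")
    verdicts = {k.lower(): v.lower() for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I)}
    if verdicts.get("dmarc", "pass") != "pass":
        findings.append("dmarc-" + verdicts["dmarc"])
    return findings
```

A message that returns findings here was most likely sent by a third party using a harvested address, which is consistent with the recipients seeing a different mail provider in the sender address.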

Jan 7, 2022 12:31 PM in response to LotusPilot

Wow, thank you so much for the comprehensive reply. I am not too worried about the iPad for the reasons you provide - but I didn't want to presume that my impression was solid. As much as anything I need to be able to reassure Beth (her name) that this isn't really her fault or doing and that worrying about it isn't going to help - which I have done frequently, but put her mind at rest that it's not going to re-occur. I'm sure most of us have had emails similar to the one she appeared to have sent and most of us just ignore them, in Beth's case a lot of people responded out of concern (it alleged she had Covid) so the amount of reaction contact she had, just escalated her worry for herself and others. I just wondered if the opening of a mail could trigger the actions of malware - if so, then I don't know how any of us wouldn't be in the same spot, since these mails are often harmless in appearance as far as the header is concerned.


Thank you for the time and effort to put that together - I'll pass it on to her and assist her if she wants to do more to protect her iPad - using the Library computer isn't her lookout, or mine! :-)
