How to scan or find out if my iPad is under the control of malware or a keylogger?

Less than 2 years ago, my identity was compromised with someone applying for credit cards, a loan, PayPal and Cash App (something like that, can’t remember exact) in my name. I was notified of everything via snail mail, and called the phone #’s provided to get info and claim my identity. When I called the # on the card for the Cash App, the customer service person said I had to install the Cash App and he needed to gain access to my iPad, which I stupidly did and allowed. Halfway into our conversation, he wanted me to open my bank Acct app. That’s when realization hit that this was a scam and a phishing expedition - I quickly ended the call, deleted the Cash App and his access (or so I hoped)! I don’t know if he was able to install spyware or malware onto my iPad, because ever since then, when I go to my store apps or their websites on Safari, they have my location as being in Newark, NJ (I live in South Jersey, near Camden, NJ), and this morning (8/30/22), I received a message that there were unsuccessful attempts to access my Apple ID from Newark, NJ, and to change my password immediately, which I did. This is very frustrating and scary! What can I do to find out for sure if someone has access to my iPad and iPhone? Should I make an appointment with my Apple Store to have both checked out? Please Help!

Thanks!

Eileen


iPad Pro, iPadOS 15

Posted on Aug 30, 2022 10:24 AM

Question marked as Best reply

Posted on Aug 30, 2022 3:23 PM

With your devices already updated to the most recent versions of their respective Operating Systems, your devices themselves are at low risk of direct compromise. If you remain concerned, perhaps follow my existing advice with a Factory Restore of each.


There really is no additional benefit in taking your devices to an Apple Store to be “checked-out” - unless this gives you peace of mind. If any help is offered, it will most likely entail a Factory Restore - as already outlined.


There are no true Antivirus Products available for iOS/iPadOS. Those that claim to provide AV protection are little more than “snake oil” - and should generally be avoided. The sandboxed system architecture of iOS/iPadOS prevents any App, including so-called security Apps, from “scanning” your iPad. Of such Apps, those that have any efficacy in providing direct protection from malware and other threats, redirect your network traffic via an external proxy where your network traffic can be examined by a third-party.


Should you have concern for the security of your AppleID account, you should immediately change your AppleID Password - and then perform additional actions for each of your devices:

If you think your Apple ID has been compromised - Apple Support

Change your Apple ID password - Apple Support

What to do after you change your Apple ID or password - Apple Support


As for using a VPN, this will provide useful additional protection when connecting to untrusted public networks - but offers limited benefit (and due to protocol overheads reduces available connection bandwidth/throughput) when connecting to your home and other trusted networks.

3 replies
Aug 30, 2022 10:35 AM in response to emabbey

While it is unlikely that you’ll have any lingering remote-access to your iPad - if you are worried, delete any Apps that give any cause for concern, then ensure you have a current iCloud or iTunes backup of your iPad:

How to back up your iPhone, iPad, and iPod touch - Apple Support


When you are certain that you have a backup, perform a Factory Restore of the iPad. This procedure will completely wipe the iPad and install a fresh copy of the most recent version of iOS/iPadOS supported by your iPad:

Restore your iPhone, iPad, or iPod to factory settings - Apple Support


The Factory Restore will ensure that you have a completely clean installation of iPadOS. At conclusion of the procedure, you’ll have opportunity to restore your data from your iCloud/iTunes backup. Any Apps that remained prior to the Factory Restore (minus anything of concern) will be reinstalled from the App Store.



Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable. For older devices, no longer benefiting from regular security updates, the risk of an unpatched vulnerability being exploited increases. Keeping your iPad fully updated will provide a high degree of protection from known and emerging threats.


The majority of threats and exploits to which you will be invariably exposed will surface via web pages or embedded links within email. These browser-based attacks can largely be mitigated by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently. 


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. A further benefit on metered services, such as cellular connections where your data may be capped or chargeable, this not only improves speed but also saves you money. 1Blocker has also recently introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker have introduced additional network extensions, extending protection to other Apps.


A further measure to improve protection is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I recommend using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:


Quad9 (recommended)


9.9.9.9

149.112.112.112

2620:fe::fe

2620:fe::9



OpenDNS


208.67.222.222

208.67.220.220

2620:0:ccc::2

2620:0:ccd::2


Cloudflare+APNIC


1.1.1.1

1.0.0.1

2606:4700:4700::1111

2606:4700:4700::1001



Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other Content Blocker provides defense in depth.


There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC). Apple has recently introduced its new Private Relay to its iCloud+ subscribers - in part employing DoH as an element of this new functionality.


I hope this information and insight proves to be helpful. 
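
Added example, not part of the post above: the post lists filtering resolvers and mentions DoH as a further hardening step, and on iOS/iPadOS 14 or later both can be combined in a configuration profile that sets encrypted DNS system-wide. This script builds such a profile from the addresses listed in the post; the DoH URLs, the `example.dns.*` identifiers, the UUID namespace and the output file name are assumptions that do not come from the post.

```python
import ipaddress
import plistlib
import uuid

# Addresses are the ones listed in the post. The DoH URLs are not from the post:
# they are the providers' published endpoints, included here as assumptions.
RESOLVERS = {
    "Quad9": ("https://dns.quad9.net/dns-query",
              ["9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9"]),
    "OpenDNS": ("https://doh.opendns.com/dns-query",
                ["208.67.222.222", "208.67.220.220", "2620:0:ccc::2", "2620:0:ccd::2"]),
    "Cloudflare": ("https://cloudflare-dns.com/dns-query",
                   ["1.1.1.1", "1.0.0.1", "2606:4700:4700::1111", "2606:4700:4700::1001"]),
}


def build_profile(name: str) -> bytes:
    """Return a .mobileconfig (XML plist) that sets encrypted DNS for `name`."""
    doh_url, raw_addresses = RESOLVERS[name]
    # Accept only literal IPv4/IPv6 addresses; a typo raises ValueError here.
    addresses = [str(ipaddress.ip_address(a)) for a in raw_addresses]
    # Deterministic UUIDs (hypothetical namespace): same input, same profile.
    ns = uuid.uuid5(uuid.NAMESPACE_DNS, f"{name.lower()}.dns-profile.example")
    dns_payload = {
        "PayloadType": "com.apple.dnsSettings.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.dns.{name.lower()}.settings",
        "PayloadUUID": str(uuid.uuid5(ns, "settings")).upper(),
        "PayloadDisplayName": f"{name} DNS over HTTPS",
        "DNSSettings": {
            "DNSProtocol": "HTTPS",        # "TLS" plus ServerName would select DoT
            "ServerURL": doh_url,
            "ServerAddresses": addresses,  # resolver IPs as listed in the post
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"example.dns.{name.lower()}",
        "PayloadUUID": str(uuid.uuid5(ns, "profile")).upper(),
        "PayloadDisplayName": f"{name} encrypted DNS",
        "PayloadContent": [dns_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    with open("quad9-doh.mobileconfig", "wb") as fh:
        fh.write(build_profile("Quad9"))
```

The generated profile is unsigned, so the device shows it as unverified at install time; inspect the XML before installing it.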


Aug 30, 2022 12:46 PM in response to LotusPilot

LotusPilot: Thanks So Much for taking the time, and giving me all this info.


I always keep my iPad Pro 2nd generation and iPhone 7 Plus updated with the current software (15.6.1) and they are both regularly Backed-up to my iCloud+ Acct, but after this attack on my Apple ID, and now, my Apple Watch Series 2 won’t pair with my iPhone, no matter what I try, it really has me worried. As a result, I installed the Avast One app on both my iPad & phone (with the free version, I get VPN Secure Connection and Web Shield and can run scans to check my privacy). As far as my Router, I have an Apple AirPort Extreme 802.11 ac, but since Apple doesn’t make this anymore, the last software version is 7.9.1. I have Xfinity as my Internet provider, but wasn’t aware that I could change my DNS Service.

Should I just make an appointment with Apple Support at my local Apple Store and take all 3 devices (iPad, iPhone & Watch) to be checked-out?
