Phishing email
Accidentally opened email. Did not click on anything. How do I check for malware
iPad Pro, iPadOS 16
Question marked as
Providing your iPad has been kept up-to-date with system software updates, you should not be overly concerned for your iPad being directly compromised by malware. However, there is one potential source of immediate issues that you may wish to check - this being for a vulnerability that is often exploited that gives the appearance of a malware infection. This involves your iPad/iPhone Calendar - the symptom being your Calendar appearing to have been populated with regular events that warn of malware infection.
Calendar Exploit
Whilst not a malware infection in the traditional sense, if this exploit is observed on your device, it is highly probable that you were manipulated (via a simple click on a website link) into “subscribing” an additional (unwanted) Calendar to your device - and this unexpected Calendar is exposing unwanted calendar events and sending you unexpected “adverts” or other warnings.
If you see this issue, you’ll need to check for what’s out of place...
iOS/iPadOS13 and earlier: Settings > Passwords and Accounts
iOS/iPadOS14: Settings > Calendar > Accounts
Look for an “account” that shouldn’t be in the list of accounts - as this will likely include the Calendar that contains all the unwanted events. When/if you find the suspect account, tap - then select Delete Account. This should resolve this specific problem in its entirety.
Malware & Mitigations
Due to the system architecture of iOS/iPadOS, unless jailbroken, your iPad is not susceptible to traditional malware infection per-se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable. For older devices, no longer benefiting from regular security updates, the risk of an unpatched vulnerability being exploited increases. Regardless of the installed version of iPadOS, there are useful mitigations that can be used to significantly reduce your exposure to risk.
The majority of threats to which you will be invariably exposed will surface via web pages or embedded links within email or other messaging platforms. Browser-based attacks can be largely and successfully mitigated by installing a good Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.
https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024
1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance, often utilised by so-called (and misleading) AntiVirus products marketed for iOS/iPadOS. The sandboxed security architecture inhibits App processes from accessing memory or system storage outside of its own sandbox. By contrast, 1Blocker creates a ruleset that is passed natively to Safari where rule processing executes; contrary to expectations, Safari will run faster and more efficiently.
Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download - reducing bandwidth and rendering overheads. A further benefit on metered services, such as cellular connections where you data may be capped or chargeable, this not only improves speed but also saves you money. 1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps. Recent updates to 1Blocker has introduced additional network-native extensions, extending protection to other Apps.
A further measure to improve protection is to use a security focussed DNS Service in preference to automatic DNS settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router - and in so doing extends the benefit of this specific protection to other devices on your local network. I recommend using one of the following DNS services - for which IPv4 and IPv6 server addresses are listed:
Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9
OpenDNS
208.67.222.222
208.67.220.220
2620:119:35::35
2620:119:53::53
Cloudflare
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001
Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other Content Blocker provides defense in depth.
There are advanced techniques to further “harden” iOS/iPadOS (such as using DoH, DoT and DNSSEC). Apple has recently introduced its new Private Relay to its iCloud+ subscribers - in part employing ODoH (a variant of DoH) as an element of this new functionality.
I hope this information and insight proves to be helpful.
