You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

💡 Did you know?

⏺ If you can't accept iCloud Terms and Conditions... Learn more >

⏺ If you don't see your iCloud notes in the Notes app... Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How do I check my iPhone for spyware/malware

How do I check my iPhone for spyware/malware

iPhone 12

Posted on Apr 28, 2023 7:37 AM

Reply
Question marked as Top-ranking reply

Posted on May 29, 2023 10:21 AM

I am experiencing remote monitoring. More than that, I have used HO Smart Friend and they DID access my cell phone and view my computer screen THROUGH my phone to see what I was speaking about. That was the first time. So yes, remote accessing an iPhone 14 Plus IS POSSIBLE. I have reset my computer 6 times, it is currently out of my house, I have changed modems, I have reset two iPhones twice after I refused to pay ransom to keep access to contacts and family pictures. I was locked out and changed one phone number, and STILL they did it AGAIN on the changed phone number. I have reported to local county sheriff’s dept 3x, and since they won’t do anything have been instructed to contact a government agency whom I received the information about from a physical and VERY reliable source. They have access to things and I have changed my iCloud accounts more than once! So yes, they can remotely access and CONTROL mic and phone and camera and much more. They do it to me. I’m contacting Apple in a moment and doing EVEN more. Been happening since at least early March, probably longer. Any any weird thing that comes up, verify, question, do it, do not hesitate. I’m sorry to bust your bubble but HO DID remote access one phone and SINCE then I did reset and change my iCloud addresses as well as having gone thru about 20+ email addresses. I’m a no one, an everyday person, no government official etc, yet still organized and sophisticated attacks on ME only. Why?

53 replies

Feb 6, 2024 6:50 PM in response to Tmac5200

Will “xLSx123x” please reply to me? I have had the same issues since March 2023. In fact, there is a key logger logging my text as I write this. I have done inumerable things to right the situation, just as you did, with the same resilts. It is so frustrating, I’m tempted to just throw the phone—an iPhone 14 Pro Max—away. IF I can access it. I can’t even use my phone number. When I call out to ANY customer service line, I get this “help desk” with the same people who try to deter me from what I am attempting to achieve and who never have answers for me. I cannot call, for example, my own father or even 911.


Please get back yo me.


katherine


[Edited by Moderator]

Mar 30, 2024 10:44 AM in response to Jareddddd

Jareddddd wrote:

What did you do about this? This is happening to me right now.


”This” being a security breach across multiple devices, across multiple unrelated platforms and services, and the breach(es) persisting or being reintroduced after device and password resets and related steps?


If so…


That scale and scope puts your report here well outside what anybody here can assist with, as what you report would require you to be targeted by immensely rich entities using espionage-level tooling.

May 8, 2023 10:15 AM in response to Phil0124

An an iphone be cloned with the SIM card or device itself if they had access to it. Or if you have 2 devices both logged onto the same cloud and one is stolen can they get access to watch your screen listen to your microphone and access your data and saved files on the phone? I still have one of the iPhones and one was stolen which I put in lockdown mode and bc they knew the screen code took it out of lost mode. Somehow they are still able to access my files on my phone and see or hear the screen and mic. I know they have said they can clone phones and had a software or device able to do it with iPhones but even after changing my pad they are still accessing and even remotely controlling the phones mic and editing and deleting files saved on the device only. How is this possible and could it have something to do with the google accounts I also have on my I phone or is it the SIM card or remote accessing my device like was done with desktop computers by tech support.

Feb 22, 2024 5:33 PM in response to Regina779

Absolute same here! For over a year. Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets. I have same managed device, the Apache thing, apple developer account I never made, my iPhone is newer so no sim in phone but the sim kept being transferred to another device, I also have the AAA root that I can’t remove bc it’s greyed out, as well as the Linux Ubuntu or Linux Debian, something linux. There’s so much code. Unknown files. Different time zones. There is NOTHING I can do to remove it. I think it sniffs Bluetooth or travels over the internet to every nearby device and infecting it. I also think I know the culprit (my bf) but can’t be 1000% sure I didn’t just get virus or hacked. My phone provider is Xfinity and their reps said they think someone took my phone and used usb to download this. I also believe the calls and texts are not only recorded but can be somewhat controlled by whoever is doing this. Also I think my bf jailbroke my phone without my knowledge. When I go to my modem or router settings page there is an ip address added for a remote access. Do you think this is someone you know personally? Or do you think someone hacked/virus that you do not know. Ps usbs can be used to install Linux


[Edited by Moderator]

Feb 22, 2024 1:32 PM in response to Tmac5200

My ex-partner was accessing my iPhone XR for over a year before I realised what was going on. However that’s only because he WANTED me to know that he was keeping a very close eye on me.

He fairly certain he had access to my microphone and camera feeds because on more than one occasion he’s known exactly what I’ve been doing when I’ve been having ‘private guy time’ and other things he could only know from my camera or microphone. I’m uncertain whether he can screenshot or view my screen, however he definitely has access to my passwords because I was regularly losing access to my email, Spotify and everything else when the passwords were no longer valid and the recovery emails got changed.

He deleted all my photos from my iCloud, which then synced to all my devices. Before that though my photos and videos ended up on his laptop. I dunno whether iCloud web allows direct downloading of media like this, however my trusted devices list was consistently showing two iPhones so he had an iPhone logged into my Apple ID anyway. He has sent messages to my family and friends pretending to be me however that could’ve been via a cloned SIM card or just by using my iMessage.

Two of the strangest things were when I’d have a message from him on my iPhone Lock Screen, however when I’d go to Messages there would be no trace of ir. Another one I can’t get my head around is when I’d be typing a search term into Google and as I was typing the letters would be getting deleted, as though I had a backspace key with a mind of its own.

After many factory resets and using new Apple IDs it was all still going on so the iPhone is an expensive paperweight now and I got an Android instead. He did it to that as well, however a factory reset did seem to solve it cos there’s been no weird stuff happening since. Ended up getting myself a new iPhone anyway just in case and I use the android for things like apps that aren’t available on the iOS App Store or for filming stuff cos it has a bigger screen and better camera etc.


Jan 26, 2024 4:03 AM in response to Tmac5200

Im trying to reach someone who is facing with this issue.


1) If someone doing this to you from your company, friend or someone close to your home. Make sure getting a new wifi network and manage it to `` Guest Mode`` so If they reach out ur phone they would probably reached ur Wi-Fi network as well.


2) Don't use same Apple ID or backup from iCloud or anything. It would probably re effect your new iPhone.


3) Calm down and take a deep breath, make a search about the programs not the malwares. This piece of s*** spy programs. They are not malwares.


4) If there is any relatives in your home with old iPhone or android probably they are affected by the same person bcs same Wi fi network.


5) If you can't do anything about it sell ur iPhone and don't use any smart phone, buy a phone with no any internet connection. If there is a internet in a device, its not safe.


Btw these spy programs now doesn't require any physical touch, reaching, You can't see with ur own eyes like settings or photos app. Completely invisible in your phone. Anyone can track your phone by sending a link. It can be by sms, e-mail. You name it.


Stay safe. Missing old 2000s...

Apr 13, 2024 10:45 AM in response to BDFULLER

BDFULLER wrote:

How do I check for malware on my iPhone


What malware is around for iPhone is rare and targeted, and generally seeks to avoid detection. For what is known around, Apple already checked for it with the built-in anti-malware, built-in scanner, and built-in removal tools.


If that’s not enough assurance, then factory reset it, reinstall, don’t restore a backup, and verify your entire environment:


Most common exploits target the user. You. Me. Us. Not our devices. Weak or re-used passwords or phishing or other such, or cases with knowledge of our passcode and with physical access to our device. You will need to check that yourself using Security Check and related steps, and with your own personal security practices.


If that’s all not enough assurance, then you effectively believe you are the target for immensely expensive espionage tooling, and will accordingly need specialized and dedicated and tailored assistance with the entirety of your security. This direct assistance is well beyond what can be offered around here, or in any other online forum.


And again, and as some replies around the forums have also indicated, if you believe you are being targeted by national security agencies or immensely rich parties or foreign espionage services, or if your security issues have been ongoing for many months or years and with multiple previous discussions offering suggestions about security, then you are well beyond what assistance can be provided around here.



Mar 26, 2024 7:48 AM in response to Brp30

Brp30 wrote:

Absolute same here! For over a year. Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets. I have same managed device, the Apache thing, apple developer account I never made, my iPhone is newer so no sim in phone but the sim kept being transferred to another device, I also have the AAA root that I can’t remove bc it’s greyed out, as well as the Linux Ubuntu or Linux Debian, something linux. There’s so much code. Unknown files. Different time zones. There is NOTHING I can do to remove it. I think it sniffs Bluetooth or travels over the internet to every nearby device and infecting it. I also think I know the culprit (my bf) but can’t be 1000% sure I didn’t just get virus or hacked. My phone provider is Xfinity and their reps said they think someone took my phone and used usb to download this. I also believe the calls and texts are not only recorded but can be somewhat controlled by whoever is doing this. Also I think my bf jailbroke my phone without my knowledge. When I go to my modem or router settings page there is an ip address added for a remote access. Do you think this is someone you know personally? Or do you think someone hacked/virus that you do not know. Ps usbs can be used to install Linux

[Edited by Moderator]


What you report happening would necessarily involves either physical access to and reconfiguration of ~everything (which would normally have been resolved by a reset, but for your “There is NOTHING I can do to remove it” indicates firmware or hardware persistence or remote re-exploitation), or involves exploit tooling for multiple platforms (“Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets”).


The exploit tooling involved for what is reported is worth multiple millions of dollars in aggregate. The iPhone and iPad access reported here involves exploits worth more than a million dollars each.


Which in aggregate makes you an exceedingly valuable target for an exceedingly wealthy entity.


Which makes this case exceedingly far outside the scope of what anybody here can assist with.


Not without substantial technical skills, direct access to your personal info and equipment, and pragmatically not without assisting you in learning how to segment your information and how to operate in an exceedingly hostile environment. None of which will be free.


Or none of this happened of course, and the concerns here are based on misinterpreting mundane and benign details of the various platforms involved. That’ll still be a substantial effort to research and explain each area and each detail and each telemetry entry and each log entry, and well past what can be offered here. That all likely involving an explanation of public key cryptography, and some basics of forensics and of distributed authentication and distributed security, too.


And complicating all this, it’s ~impossible to prove a negative; that your gear hasn’t somehow been exploited.

Mar 28, 2024 12:39 PM in response to xLSx123x

XLSx123x-

I have experienced what you describe also. I have had someone in my cloud for over a year. I’m in the process of completely deleting a cloud account. If you’re not watching everything done on phone is synced..password, literally everything. So it’s impossible to get rid of them without deleting the email address completely

Jun 25, 2024 5:59 PM in response to Tmac5200

Check whether you location gets shared when you start driving… if you don’t drive settings will remain to their set values… if you try to disable location sharing a generic message saying “can’t connect to server” will pop up…


I detected a firmware level VM that was installed making my is settings useless through automatic patch updates… Disable automatic patch updates and restore your phone to original software after wiping out is and firmware using a cable connected to a trusted laptop at Apple Store. Do not do this over WiFi/iTunes downloading OS etc… Patches, App updates and links on text messages are source of these install mechanisms… stingray type devices can pretend to be cell tower and push updates, compromising whole iOS.


Don’t install lot of apps. There is a similar VM for Macs that disables only run trusted kernel binaries and all future ways to connect to laptop to wipe firmware clean.. only way to get rid of this is to replace laptop.


Stingray needs imsi and cell number, use Google voice as general phone number.


Dont remain signed in to cloud or store your passwords on keychain… Your phone passcode can decrypt your cloud data… so change passcode often and assume that “man in the middle” and “man on the inside” attacks are possible.

Mar 28, 2024 12:55 PM in response to hanes64

hanes64 wrote:

XLSx123x-
I have experienced what you describe also. I have had someone in my cloud for over a year. I’m in the process of completely deleting a cloud account. If you’re not watching everything done on phone is synced..password, literally everything. So it’s impossible to get rid of them without deleting the email address completely


The email address is not associated with a compromise. It's an identifier that is intentionally and necessarily public.


If an Apple ID has been compromised for as long as has been reported here, and given you will have already received and acted upon advice on how to increase the security of your Apple ID, then there are other issues or concerns here, or your adversaries have capabilities well outside of what we can assist with in a forum such as here in ASC.


In the unlikely case you have not already encountered it: Personal Safety User Guide - Apple Support


Probably either with a recovery key and/or security keys or both for the highest security, with Lockdown Mode enabled.

How do I check my iPhone for spyware/malware

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.