How do I check my iPhone for spyware/malware

iPhone 12

Posted on Apr 28, 2023 7:37 AM

Question marked as Top-ranking reply

Posted on May 8, 2023 10:31 AM

6XChinaXDollX9 wrote:

Can an iPhone be cloned with the SIM card or device itself if they had access to it?

A SIM card can be cloned. The iPhone itself cannot be cloned, but its data can be copied. If using an eSIM, it can also be copied to a different iPhone. This would take a while to complete, however, so unless it was out of your sight for an extended period of time (30 minutes or more), it's unlikely to have happened.


Or if you have 2 devices both logged onto the same cloud and one is stolen can they get access to watch your screen listen to your microphone and access your data and saved files on the phone?

If they have access to your iCloud account, they can log into it, and see any files stored in iCloud. They can't get access to your camera, screen or microphone in any way.


I still have one of the iPhones and one was stolen which I put in lockdown mode and bc they knew the screen code took it out of lost mode. Somehow they are still able to access my files on my phone and see or hear the screen and mic.

Not possible. They are trying to trick you. As mentioned, they may have access to your files in iCloud and on the device if they managed to unlock it, but there is no way for them to see your screen or hear your mic. It's simply not something that can be done.


I know they have said they can clone phones and had a software or device able to do it with iPhones but even after changing my pad they are still accessing and even remotely controlling the phone's mic and editing and deleting files saved on the device only.

Again, not really possible to do this. Not sure what you are seeing, but I can almost guarantee this is not what is happening.


How is this possible and could it have something to do with the Google accounts I also have on my iPhone or is it the SIM card or remote accessing my device like was done with desktop computers by tech support?

Not possible to remote access an iPhone. Not through the SIM card, which only holds settings, and certainly not through a Google account.


If they have access to your iCloud account, they can modify files, contacts, calendar entries, notes and photos synced to iCloud, and you would see those modifications on your device.


You can stop this, by changing your iCloud password, and even changing the email address associated with your Apple ID.

click here ➜ Change your Apple ID password - Apple Support


Also click here ➜ If you think your Apple ID has been compromised - Apple Support


53 replies

Feb 6, 2024 6:50 PM in response to Tmac5200

Will “xLSx123x” please reply to me? I have had the same issues since March 2023. In fact, there is a key logger logging my text as I write this. I have done innumerable things to right the situation, just as you did, with the same results. It is so frustrating, I’m tempted to just throw the phone—an iPhone 14 Pro Max—away. IF I can access it. I can’t even use my phone number. When I call out to ANY customer service line, I get this “help desk” with the same people who try to deter me from what I am attempting to achieve and who never have answers for me. I cannot call, for example, my own father or even 911.


Please get back to me.


katherine


[Edited by Moderator]

Feb 6, 2024 9:13 PM in response to quest2346

Regarding the spyware subject, I see that my credentials are naught because I have offered no advisory details. I will outline my formerly proffered advice, including both technical and life advice, in order to help someone feel more in control of his or her privacy, as follows:


1) Come to terms with the sad fact that in a greed-based, market-competitive society, nothing is ever free. Even the air that we breathe comes with a cost. If you need to reach out for support or help of any kind, individuals MAY help you, but organizations exist through their own profit, so you may be further disenfranchised as a result of any help you receive.


2) My technical advice is to beware when using a gmail account as an Apple id. Possibly there is a glitch in Apple software (whereby your iPhone will MANIFEST an icloud account by default for email—as one “Apple Support” person explained), or you have been targeted (less believable, but true) by a focus group who is studying, for example, people’s vulnerability to predatory entities offering “deals” or loans through marketing techniques (I am extending the benefit of the doubt, here). If one person in the latter group has physical access to your phone for a few minutes, he/she may create an alias of your gmail Apple id to gain access in order to essentially clone another device via your alias icloud email account, providing a separate sign-in to your account, and eventually gaining total access to all of your data. Which leads to…


3) Keep your device away from other people and do not let anyone EVER use it.


4) Pay attention to red flags and know that your observations are yours, which makes them valid. Nothing observed by you is ever wrong or crazy. If anyone denies this, that person is telling you that your experiences are not valid. THAT, alone, is a red flag. That person should not be trusted.


5) Try to always be learning to understand the shifting nature of the hierarchy of the corporate world and learn about outsourcing and third party limitations and responsibilities under the umbrella of the outsourcing corporation. Read small print, read anything you sign, take your time to ask questions.


Good luck.

Feb 22, 2024 1:32 PM in response to Tmac5200

My ex-partner was accessing my iPhone XR for over a year before I realised what was going on. However that’s only because he WANTED me to know that he was keeping a very close eye on me.

I’m fairly certain he had access to my microphone and camera feeds because on more than one occasion he’s known exactly what I’ve been doing when I’ve been having ‘private guy time’ and other things he could only know from my camera or microphone. I’m uncertain whether he can screenshot or view my screen, however he definitely has access to my passwords because I was regularly losing access to my email, Spotify and everything else when the passwords were no longer valid and the recovery emails got changed.

He deleted all my photos from my iCloud, which then synced to all my devices. Before that though my photos and videos ended up on his laptop. I dunno whether iCloud web allows direct downloading of media like this, however my trusted devices list was consistently showing two iPhones so he had an iPhone logged into my Apple ID anyway. He has sent messages to my family and friends pretending to be me however that could’ve been via a cloned SIM card or just by using my iMessage.

Two of the strangest things were when I’d have a message from him on my iPhone Lock Screen, however when I’d go to Messages there would be no trace of it. Another one I can’t get my head around is when I’d be typing a search term into Google and as I was typing the letters would be getting deleted, as though I had a backspace key with a mind of its own.

After many factory resets and using new Apple IDs it was all still going on so the iPhone is an expensive paperweight now and I got an Android instead. He did it to that as well, however a factory reset did seem to solve it cos there’s been no weird stuff happening since. Ended up getting myself a new iPhone anyway just in case and I use the android for things like apps that aren’t available on the iOS App Store or for filming stuff cos it has a bigger screen and better camera etc.


Feb 22, 2024 5:33 PM in response to Regina779

Absolute same here! For over a year. Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets. I have same managed device, the Apache thing, apple developer account I never made, my iPhone is newer so no sim in phone but the sim kept being transferred to another device, I also have the AAA root that I can’t remove bc it’s greyed out, as well as the Linux Ubuntu or Linux Debian, something linux. There’s so much code. Unknown files. Different time zones. There is NOTHING I can do to remove it. I think it sniffs Bluetooth or travels over the internet to every nearby device and infecting it. I also think I know the culprit (my bf) but can’t be 1000% sure I didn’t just get virus or hacked. My phone provider is Xfinity and their reps said they think someone took my phone and used usb to download this. I also believe the calls and texts are not only recorded but can be somewhat controlled by whoever is doing this. Also I think my bf jailbroke my phone without my knowledge. When I go to my modem or router settings page there is an ip address added for a remote access. Do you think this is someone you know personally? Or do you think someone hacked/virus that you do not know. Ps usbs can be used to install Linux


[Edited by Moderator]

Mar 25, 2024 11:25 PM in response to Regina779

I feel your pain all the way around. Total time dealing with this so far is three years give or take…. Nobody believes you, people start treating you like you are actually crazy and need to be rehabilitated, dedicated, or incarcerated. You are not alone in being the recipient of strange “cyber-attacks” without having an obvious reason as to why you were chosen for such a prestigious gift. Maybe we all have something in common that we are as yet unaware of. Maybe we should all link up and chat? I’m sick of fighting an unknown enemy blind. I’m ready to scrounge up some glasses.

Mar 26, 2024 7:48 AM in response to Brp30

Brp30 wrote:

Absolute same here! For over a year. Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets. I have same managed device, the Apache thing, apple developer account I never made, my iPhone is newer so no sim in phone but the sim kept being transferred to another device, I also have the AAA root that I can’t remove bc it’s greyed out, as well as the Linux Ubuntu or Linux Debian, something linux. There’s so much code. Unknown files. Different time zones. There is NOTHING I can do to remove it. I think it sniffs Bluetooth or travels over the internet to every nearby device and infecting it. I also think I know the culprit (my bf) but can’t be 1000% sure I didn’t just get virus or hacked. My phone provider is Xfinity and their reps said they think someone took my phone and used usb to download this. I also believe the calls and texts are not only recorded but can be somewhat controlled by whoever is doing this. Also I think my bf jailbroke my phone without my knowledge. When I go to my modem or router settings page there is an ip address added for a remote access. Do you think this is someone you know personally? Or do you think someone hacked/virus that you do not know. Ps usbs can be used to install Linux

[Edited by Moderator]


What you report happening would necessarily involve either physical access to and reconfiguration of ~everything (which would normally have been resolved by a reset, but your “There is NOTHING I can do to remove it” indicates firmware or hardware persistence or remote re-exploitation), or involve exploit tooling for multiple platforms (“Every phone, device, tv, blink cameras, Alexa’s, Apple Watches, tablets”).


The exploit tooling involved for what is reported is worth multiple millions of dollars in aggregate. The iPhone and iPad access reported here involves exploits worth more than a million dollars each.


Which in aggregate makes you an exceedingly valuable target for an exceedingly wealthy entity.


Which makes this case exceedingly far outside the scope of what anybody here can assist with.


Not without substantial technical skills, direct access to your personal info and equipment, and pragmatically not without assisting you in learning how to segment your information and how to operate in an exceedingly hostile environment. None of which will be free.


Or none of this happened of course, and the concerns here are based on misinterpreting mundane and benign details of the various platforms involved. That’ll still be a substantial effort to research and explain each area and each detail and each telemetry entry and each log entry, and well past what can be offered here. That all likely involving an explanation of public key cryptography, and some basics of forensics and of distributed authentication and distributed security, too.


And complicating all this, it’s ~impossible to prove a negative; that your gear hasn’t somehow been exploited.

Mar 28, 2024 12:39 PM in response to xLSx123x

XLSx123x-

I have experienced what you describe also. I have had someone in my cloud for over a year. I’m in the process of completely deleting a cloud account. If you’re not watching everything done on phone is synced..password, literally everything. So it’s impossible to get rid of them without deleting the email address completely

Mar 30, 2024 10:44 AM in response to Jareddddd

Jareddddd wrote:

What did you do about this? This is happening to me right now.


“This” being a security breach across multiple devices, across multiple unrelated platforms and services, and the breach(es) persisting or being reintroduced after device and password resets and related steps?


If so…


That scale and scope puts your report here well outside what anybody here can assist with, as what you report would require you to be targeted by immensely rich entities using espionage-level tooling.

Apr 28, 2024 3:31 AM in response to XxRemotelyxMonitoredxX

This is exactly the same as what I’m going through; no matter what I do, they thwart me!! They can halt my phone and WiFi & cellular data!!! See every key stroke and access bank accounts. They know when I leave my home and come in to steal stuff.

Got a new iPhone and it was not set up. When I went to set it up, someone had locked it with a passcode; I didn’t do that. They’re ruining my life!!

Jun 25, 2024 5:59 PM in response to Tmac5200

Check whether your location gets shared when you start driving… if you don’t drive settings will remain to their set values… if you try to disable location sharing a generic message saying “can’t connect to server” will pop up…


I detected a firmware level VM that was installed making my iOS settings useless through automatic patch updates… Disable automatic patch updates and restore your phone to original software after wiping out iOS and firmware using a cable connected to a trusted laptop at Apple Store. Do not do this over WiFi/iTunes downloading OS etc… Patches, App updates and links on text messages are source of these install mechanisms… Stingray type devices can pretend to be cell tower and push updates, compromising whole iOS.


Don’t install a lot of apps. There is a similar VM for Macs that disables only run trusted kernel binaries and all future ways to connect to laptop to wipe firmware clean.. only way to get rid of this is to replace laptop.


Stingray needs IMSI and cell number, use Google Voice as general phone number.


Don’t remain signed in to cloud or store your passwords on keychain… Your phone passcode can decrypt your cloud data… so change passcode often and assume that “man in the middle” and “man on the inside” attacks are possible.

This thread has been closed by the system or the community team.