Can I tell where/who installed RAT and how do I remove them

I have an iPhone 12 Pro. I know for a fact that my iPhone has been being monitored for a long time now. I just couldn’t find out how or who. Then I recently found out about going into my field mode and there is RAT and rat retention on there. I wanna find out who put it there and how do I remove them so that I can have my privacy back.

iPhone 12 Pro, iOS 17

Posted on Feb 12, 2024 11:58 PM

Question marked as Top-ranking reply

Posted on Feb 28, 2024 8:00 AM

I think you may be confused by the RAT term. What you are seeing is available with all cellular companies and known as Radio Access Technology.


This is not a Remote Access Trojan (RAT). No one installed anything on your device. There is a lot of buzz on the internet about this, but you have nothing to worry about with the screenshot you posted. Mostly seen on sites looking to scare people to get clicks.


Jul 23, 2024 6:51 AM in response to SW2106

SW2106 wrote:

Sorry but I think I've confused myself a bit. Does that mean if someone did give in to Phishing the device would still need to be Jailbroken to be infected? You stated later on that devices cannot be infected with malware / spyware unless you have downloaded spurious software AND have jail broken. I read many replies to “hacking” questions from valued and experienced forum members which state iPhones/iPads can’t be hacked unless jailbroken etc., which gives a lot of reassurance, but so many websites I see keep saying iOS devices can be hacked and controlled remotely even without the user interacting with the suspected “hacker”.

Those sites are wrong and most likely have other motives for making that claim. If your concern is with RAT that was reported by the OP here, then that is not Malware at all and is only a tool used by cellular providers to evaluate their network. It stands for Radio Access Technology.

Jul 23, 2024 2:15 PM in response to SW2106

SW2106 wrote:

So is the only way for an iPhone to be potentially controlled remotely, by some sort of spurious software, is that it needs the target phone to have to accept and give permission? Again this seems to be a common thought.

"Spurious" means not being what it purports to be; false or fake. So, I may not be understanding what you're saying.


The software that can successfully target iPhones remotely exists. It is exactly what it purports to be. And, it costs hundreds of thousands of dollars to deploy to target one iPhone. No permission is required from the iPhone users. Its use, largely because of cost, is not terribly common.


Many people, either because they have been misled by scare-mongering news, or by people who have fallen down the rabbit hole of paranoia, think that it's much easier and more common for iPhones to be remotely controlled. They are mistaken. If your phone has not been jailbroken and you're not someone who has data worth hundreds of thousands of dollars, your phone has not been remotely compromised. At least at this point in history.


Clicking on a link in a text will not compromise your phone. However, if that link leads to a phishing site and you give your personal information, it can certainly lead to identity theft and compromised accounts.


Don't jailbreak your phone.

Don't leave your phone sitting around unlocked.

Don't give your iPhone password or your Apple ID password to anyone you wouldn't trust with your wallet full of cash, credit cards and bearer bonds.


Do enable two-factor authentication.

Do learn to identify phishing messages.

Do keep your operating system up to date.

Do take what you read on the internet with a very big pile of salt.

Feb 13, 2024 12:44 AM in response to tarayn68

tarayn68 wrote:

I have an iPhone 12 Pro. I know for a fact that my iPhone has been being monitored for a long time now.

If you feel an unauthorized person/app is remotely using, controlling or monitoring your device, then that is possible only if you have done one or more of the following Don'ts...


  1. Don't hand over an iPhone to kids or to a stranger without Enabling Guided Access
  2. Don't share Apple IDs
  3. Don't Jailbreak
  4. Don't share sensitive information pertaining to your device
  5. Don't give in to Phishing
  6. Don't plug in your device in Airports and Public places through third-party cables and trust the device. Beware of Juice Jacking. (Especially in India)
  7. Don't leave your iPhone unlocked and unattended in public places like offices, schools, malls, etc.


If one of the above is true then quickly change the Apple ID Password and Return iPhone settings to their defaults.



Keep the iPhone updated to the latest iOS always and never Jailbreak. That's it.


iOS / iPadOS devices cannot be hacked or infected with Virus / Malware / Spyware unless you have intentionally downloaded spurious software or unauthorized apps directly from the internet and installed them on your device or/and have Jailbroken.


It (Hacking) also depends on how careful you are in sharing sensitive and valuable information pertaining to your iPhone such as Passcode, Password, etc with your friends and family members.


Be judicious when sharing the device's sensitive and valuable information with friends and family members.



If you don't reckon what is said above is true then you have two options...

  1. Report the hacking incident that you are facing to the local law enforcement authorities and follow it up
  2. Believe it, it can't be hacked. There are people who still believe that the earth is flat and also some believe no one has ever landed on the moon. What can anyone do about that? This is a free world you can believe in anything, the choice is yours.


Jun 10, 2024 10:19 AM in response to Chicho03alv

Chicho03alv wrote:

Sir, you never heard of a stingray? Look it up. It's a device that will broadcast a signal with the same frequency as a carrier. Each carrier has its own frequency, thus producing a fake tower signal, and your iPhone was made to connect to a strong cell tower signal, so you can’t stop it.

Stingrays don't announce themselves by showing up on your phone. The original post contains absolutely zero evidence of a compromise.

Feb 13, 2024 12:41 AM in response to tarayn68

Understand RAT concerning Cellular Networks.

  • Cellular networks use different Radio Access Technologies (RATs) for communication. Common RATs include GSM (Global System for Mobile Communications), CDMA (Code Division Multiple Access), LTE (Long-Term Evolution), and 5G NR (New Radio).
  • Each RAT represents a different generation or technology level in mobile communication.
  • Network retention usually refers to a device's ability to maintain a connection to a specific network (e.g., GSM, CDMA, LTE) while moving between different areas or cells.


You may have checked the current LTE band/5G/4G/3G by dialing *3001#12345#*, pressing the call button, selecting the Serving cell info option and then looking at MISC.


See the pic below which is self-explanatory


Did you tap on the RatRetention?



These terms appear to be related to cellular network parameters and may be associated with a system or device that manages and monitors cellular connectivity. Here's a brief explanation of each term:


  1. dyn_nr5g_enabling: Dynamic NR (New Radio) 5G enabling, likely indicating the status or configuration of dynamic 5G network support.
  2. elapsed_ms: Elapsed time in milliseconds, typically used to measure the time that has passed since a specific event or timestamp.
  3. num_subs: Number of subscribers, indicating the count of active users or devices connected to the network. This refers to the number of active subscriptions on the device. This could be 1 for a single SIM card or more for dual SIM setups.
  4. ps_pref: Packet Switching preference, referring to the preference or configuration related to packet-switched data services. This indicates the preferred Public Service type (PS) for data, usually either CS (Circuit Switched) or PS (Packet Switched).
  5. roam_status: Roaming status, indicating whether a device is currently roaming on a network outside its home network.
  6. scg_ever_configured: Secondary Cell Group ever configured, suggesting whether a secondary cell group has been configured at any point. This indicates whether the device has ever been configured for the Specific Cell Global (SCG) service, which enables location services even without GPS.
  7. srv_domain: Service domain, specifying the type of services that a device or subscriber can access on the network. This specifies the service domain, such as CS (Circuit Switched) or PS (Packet Switched) for voice and data calls, respectively.
  8. srv_status: Service status, indicating the current operational status of the cellular service. This reports the service status, which could be values like "in service," "limited service," or "out of service."
  9. standby_pref: Standby preference, referring to the preferred state of a device when not actively in use or connected to the network. This indicates the preferred standby mode for the device, such as GSM, UMTS, or LTE.
  10. subs_id: Subscriber ID, a unique identifier associated with a specific subscriber or device on the network.
  11. sys_mode: System mode, describing the current operating mode of the cellular system (e.g., 2G, 3G, 4G, 5G). This reveals the current Radio Access Technology (RAT) being used, like GSM, UMTS, LTE, or NR (5G).
  12. ui_nr5g_switch: User Interface 5G switch, indicating user interface controls or settings related to switching between 5G and other network technologies. This shows whether the user has manually enabled or disabled 5G in the user interface.
  13. upper_layer_indication: Indication from upper layers, likely referring to signals or information received from higher-level protocols or layers in the network stack.
  14. version: This identifies the version of the software or protocol used for RAT retention information.


These terms are likely used in the context of cellular network management or monitoring software, where understanding and tracking these parameters help ensure effective and reliable cellular connectivity for users and devices.

Jul 23, 2024 9:00 AM in response to SW2106

SW2106 wrote:


My main interest in this post is really to understand device security - particularly Malware or software that could control a device remotely. As I mentioned, so many so-called experts on their websites make many claims and it does muddy the waters somewhat. Even generic forums like Quora or Reddit for example have contributors saying Apple devices can be hacked and controlled remotely even without the target actually interacting or accepting anything, which is why I was trying to understand the info from the other member's reply.

Yes, it's possible for an iPhone to be compromised remotely. It also costs hundreds of thousands of dollars. No insult intended but is your data worth someone spending that kind of money on?

Last year I was a victim of CC fraud and although my credentials were not taken from my iPhone or iCloud account, it has made me much more security conscious. So as long as I don’t disclose any passwords etc and do not jailbreak my device am I pretty much ok? I have 2FA as well, and my phone is never out of my sight. Thanks in advance.

It's good to be cautious and aware. It sounds as if you've taken proper security precautions.


You may want to take a look at this guide from Apple:


Personal Safety User Guide - Apple Support


Jul 23, 2024 6:46 AM in response to SravanKrA

Sorry but I think I've confused myself a bit. Does that mean if someone did give in to Phishing the device would still need to be Jailbroken to be infected? You stated later on that devices cannot be infected with malware / spyware unless you have downloaded spurious software AND have jail broken. I read many replies to “hacking” questions from valued and experienced forum members which state iPhones/iPads can’t be hacked unless jailbroken etc., which gives a lot of reassurance, but so many websites I see keep saying iOS devices can be hacked and controlled remotely even without the user interacting with the suspected “hacker”.

Jul 23, 2024 8:42 AM in response to Mac Jim ID

Thank you for your response MAC JIM.

My main interest in this post is really to understand device security - particularly Malware or software that could control a device remotely. As I mentioned, so many so-called experts on their websites make many claims and it does muddy the waters somewhat. Even generic forums like Quora or Reddit for example have contributors saying Apple devices can be hacked and controlled remotely even without the target actually interacting or accepting anything, which is why I was trying to understand the info from the other member's reply. I took it as, as long as your device isn’t Jailbroken then it’s immaterial because it will be rejected in some way. Last year I was a victim of CC fraud and although my credentials were not taken from my iPhone or iCloud account, it has made me much more security conscious. So as long as I don’t disclose any passwords etc and do not jailbreak my device am I pretty much ok? I have 2FA as well, and my phone is never out of my sight. Thanks in advance.

Jul 23, 2024 9:13 AM in response to SW2106

Of course we are not talking about high level government officials that would be targeted by State Sponsored hacking groups that may be able to get into an Apple Device or even compromise the cellular provider to intercept communications.


For a user like you and me, there is nothing you need to worry about when it comes to Spyware or Hacking tools being installed on your iPhone. I would not consider Quora or Reddit a valuable source of information. You will find on some of those sites, that the most outlandish responses will generate the most upvotes and that is their motivation, whether the information provided is true or not.


You are doing everything correctly.

Jul 23, 2024 9:45 AM in response to IdrisSeabright

None taken Idris Seabright - My data is deffo not worth that sort of money. So if iPhones for us mere mortals are pretty much safe if not jail broken, how do the high worth targets get compromised? Is it more iCloud accounts being hacked? Or just expensive tools that can actually penetrate an iOS device given the time to do? So if I ever happen to click on a link in a text or email will my non jailbroken device and not disclosing credentials keep me secure?

Thank you for the link also
