Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

📰 Newsroom Update

Voice Memos update brings Layered Recordings to iPhone 16 Pro and iPhone 16 Pro Max. Learn more >

XWorm Virus - Hacked and cloned iPhone 15 Pro Max by RAT virus now being cyberstalked

I have had someone hack into my iPhone 15 Pro Max by unknown actors who have cloned my iPhone and then had the audacity to report my IMEI as compromised so I can’t even factory reset my phone to ever use it again even with a new eSIM being sent to me by my cell phone carrier.

This has been an absolute nightmare for three weeks straight of being hacked via my home WiFi connection into every single device I own. I think it’s the XWorm RAT virus that is being used, and biometric authentications, pins and passcodes don’t matter. I believe they have cloned my iPhone to obtain access to my MFA apps and are trying to get into my accounts.


I have filed multiple reports with the IC3, the FBI and the local police department. They have aggressively targeted every single new email account and phone number that I have created to try to get help. It’s definitely not just one individual because I watched in real time on a bait laptop that I used at a local public library that was previously unlinked to me in any way and not tied to any of my personal information five users remote into my laptop within ten minutes of my using the laptop.

For anyone who says that this isn’t possible, please don’t even try to deny what you don’t know about. This has been a horrific experience for me and my family for over 3 weeks now and I have no idea why I am being targeted.

Since my phone is fairly new I am trying to get Apple to get the device back and investigate this virus more. It attaches to the bios of any infected device and every single virus scan that I have tried doesn’t pick it up. Factory resetting an infected device isn’t enough.


Since this began with my ip address being attacked and then every device on my network being injected with the rat virus, the infected devices become listening and recording tools for the hackers to surveil you in real time. It’s creepy as **** knowing that strangers are using FaceTime audio to record you and screen recording your phone. The virus also includes a keylogger that allows them to capture your activities. Finally, the last feature of this virus is that it’s constantly scanning for nearby devices via Bluetooth and I strongly suspect can infect other devices via Bluetooth.

A month ago I would have said that none of these things are possible but now I know better. Has anyone had any success with overcoming this rat virus and do you have any idea who was responsible and why? I have gone through 8 burner phones this month, bought multiple new clean devices and tried to just start over completely with new everything, new iCloud account and new phone numbers, but they won’t leave me alone and I have no idea why…


[Edited by Moderator]


iPhone 15 Pro Max

Posted on Nov 24, 2024 5:53 AM

Reply
14 replies

Nov 25, 2024 8:42 AM in response to ReallyImNotCrazy

ReallyImNotCrazy wrote:

1. The same thing is happening to me. Unfortunately, it has been 2.5 YEARS. Apple continues to tell me this is not possible. My cellular provider (Xfinity) says it's an Apple issue. Here are the problems i'm experiencing and have documented evidence that someone has cloned my phone.
settings on iphone get changed
2. SOS and satellite icon randomly appear


Using a phone indoors where building material interferes with cellular reception, or using a phone in an outdoor area where your carrier does not have good cellular coverage, are more likely explanations.


If Vladimir Putin told the successor agency to the KGB to hack your phone – do you really think they would want to make the SOS indication flash on and off to raise your suspicions of compromise? If you are a target with high enough value (e.g., you have access to highly classified information) that a state-level actor is willing to expend the sort of resources it might take to compromise your phone, they aren't going to want you to know the phone is compromised. They're going to do everything possible to make it act normal, as far as you are concerned.


As far as security against ordinary miscreants, you should secure your phone with a passcode that others do not know, and secure your Apple ID / Apple Account with a password that others do not know. Likewise for any other accounts. If someone knows your Apple ID and Apple ID password, it would not take any special "hacking" skills for them to access synchronized data. They could just log in to the Web interface and view or change it.


If you think your Apple Account has been compromised - Apple Support

Nov 24, 2024 10:21 AM in response to Wanderlust505

The XWorm RAT virus (actually malware not a virus) cannot infect an iPhone. There is no known way it can infect an iPhone. The malware has been around at least 5 or 6 years and the FBI would be extremely skeptical of your claims.


Even if it were possible for a RAT virus to infect an iPhone (which it’s not) Apple would have released a security update in the last ) years to block the malware.

Nov 24, 2024 1:41 PM in response to cvkBodhi83

Apple iOS devices and Mac OS do not share the same vulnerabilities. Looking in Apple forums/communities is counterproductive and will only contribute to your frustration etc.


Multiple posts have explained how it can’t happen and even if it could, 6 year old viruses are rarely a threat, even on Windows. It’s time to let this issue go and move on. It’ll be less stressful and overall will contribute to your better health. Good bless and I hope you have a great week ahead.



Nov 25, 2024 8:20 AM in response to Wanderlust505

The same thing is happening to me. Unfortunately, it has been 2.5 YEARS. Apple continues to tell me this is not possible. My cellular provider (Xfinity) says it's an Apple issue. Here are the problems i'm experiencing and have documented evidence that someone has cloned my phone.

  1. settings on iphone get changed
  2. SOS and satellite icon randomly appear
  3. Someone has attempted to enter my SIM pin and since i changed it, the SIM locked activated
  4. Some of my contact photos were changed
  5. Use Personal Voice feature shows enabled but i didnt create a personal voice
  6. Some phone calls and text messages are not received
  7. I name my phone but sometimes the name will change under the General settings
  8. When backing up to icloud, all apps will sometimes show 0 data
  9. Background sound gets turned off, even if turn off when locked is not enabled
  10. Menu items are moved or turned on
  11. Game Center is being accessed

There are many many other issues.

I am still looking for help.

Nov 24, 2024 1:36 PM in response to KiltedTim

Thanks for the hurtful and rude comments. I’m not the owner of this post I was just asking if that was possible. I have been dealing with a RAT on my windows devices for years and have noticed crazy **** happening on my iPhone such as Bluetooth turning on and connecting to nearby devices that aren’t mine or people nearby


I also have my FaceTime turned off on all Apple devices and the app deleted but every week FaceTime data shows up under the list of apps with data in iCloud. I make sure it’s removed then all different intervals but no more than two weeks it will show back up.


You know how HomePods connect through the Home app well occasionally they will show ip under my Bluetooth settings and then just as randomly a few hours later disappear from that list.


I was hoping I could look here to find answers for what’s going on on my windows devices just a stab in the dark since I now have diagnosed PTSD because of it. Actually it a lot to explain so it’s related to this thread:

https://answers.microsoft.com/en-us/windows/forum/windows_11-security/remote-accessed-trustedinstaller/07f00ed1-a099-4bcc-bbf9-4164383cb31c?messageId=253821e1-cc3b-47e2-91fa-b9b9a26fbd02&page=1


If you would like more screenshots to definitely show that that thread describes exactly what is happening with my windows devices then I can provide.


[Edited by Moderator]


Nov 24, 2024 10:52 AM in response to Wanderlust505

Ive seen the same that you are mentioning, my windows desktop was infected by a remote access Trojan and has created so much persistence that literally the technician at the repair center told me I may never be rid of it. I thought if a Trojan on a windows computer creates code for a cross device platform app, or place files in iCloud Drive if the person uses iCloud for Windows, that the person signs into can’t they gain access in the kind of way? All I know is that randomly my Bluetooth will turn on and connect to devices that aren’t mine. From my windows logs it’s showing information about an apple device and MDM so maybe it crosses platforms in these ways? It the rat performs normal windows or apple process but for its own purposes then malware and systems security enforcements are going to let it pass on by as a normal background process.

Nov 25, 2024 8:09 AM in response to cvkBodhi83

cvkBodhi83 wrote:

Thanks for the hurtful and rude comments. I’m not the owner of this post I was just asking if that was possible. I have been dealing with a RAT on my windows devices for years and have noticed crazy **** happening on my iPhone such as Bluetooth turning on and connecting to nearby devices that aren’t mine or people nearby

There's nothing in those screenshots that indicates that your phone is connecting to strange devices. Unless, of course, the Homepod, Cory's Watch and Cory's Airpods are not yours.


Settings>Bluetooth will show any discoverable BT devices even if they are not ones your phone is paired with. This is normal, expected behavior. It's how you find devices you want to pair with. But, until you actually pair with them, they are not connected to your iPhone.

XWorm Virus - Hacked and cloned iPhone 15 Pro Max by RAT virus now being cyberstalked

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.