You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

mobfree.click re-direct- do I have malware?

I have a fully updated Iphone 6 using iOS 9.1. When I go to a particular website (tmz.com - I'm assuming that it's reputable), it automatically redirects to MobFree.Click, which prompts me to download a dozen things and says that "application is currently downloading..." on the bottom. I do not click on anything and clear it, as well as clear my settings/cookies/etc. Is this associated with the website only or is it possible that this is malware on my Iphone? Should I be concerned that something actually downloaded? I can't seem to find any information about this website anywhere, except for one forum about 2 weeks ago where people were complaining about it.


Thank you!


iPhone 6, iOS 9.1

iPhone 6, iOS 9.1, null

Posted on Dec 8, 2015 9:21 AM

Reply
35 replies

Dec 23, 2015 6:56 AM in response to deggie

I'm not sure I'm following your comment...

As mentioned in the earlier posts, clearing history/website data and even a full reset of the phone didn't resolve this issue. I suspect this is some kind of redirect javascript being loaded by ads on a few websites that redirect the page to a spam site. I have already confirmed the redirect also occurred in Chrome on iOS, so I'd be fairly confident that it would also occur on HTC and LG so moving away from an iPhone isn't going to solve this one...

Dec 25, 2015 7:44 AM in response to RKDUBBS

Hello! I had this exact same problem and finally just called apple support. They had me do a refresh by pressing the home and lock button at the same time for ten seconds. You can release as soon as the apple sign appears. This does not erase any of your information or apps. It is what is done when the phone freezes. This is the only thing that worked! Give it a shot and see if it works for you too.

Dec 29, 2015 5:55 AM in response to RKDUBBS

I installed ad block plus for iOS and it appeared to resolve my issue. This seems to confirm that it is indeed a malicious ad that injects a javascript page redirects when it detects mobile devices. (it also confirms that resetting your phone or removing profiles will not resolve this issue as it is server side.)


You can download Ad Block Plus for iOS here.

https://itunes.apple.com/app/adblock-plus-abp/id1028871868


I would however recommend contacting the owner of any websites that give you this issue so they can raise it with the ad provider and have the malicious ads removed.

Jan 3, 2016 6:06 AM in response to RKDUBBS

it first happened when I was surfing around random websites(cant remember, p0rn maybe?) on my iPad. The very next time I used my iPhone, it happened on there too. What was strange was that it was happening on mainstream websites that I frequent(I don't surf anything crazy on the phone) so I decided to clear the history on both devices and also reset the wireless router. Problem gone.


I know absolutely nothing about computers, so please forgive me. The following may make no sense at all.


Hypothesis (guesses)


1. Apple has its own sub-network that all Apple devices talk on? This was somehow corrupted with some kind of a redirect for Apple devices.


2. The DNS at the router level was compromised. Forcing redirects.


THe the one thing that I'm fairly certain about is that it can spread between Apple devices on a local network.


iPad os 9.2

iPhone 5s os 9.2

U-Verse wireless router

Jan 3, 2016 6:06 AM in response to SoonerJJJ

No, it happens on all devices and no Apple does not have a sub-network that all devices talk on. I have had this occur twice on Sports Illustrated's website so it is not limited to iffy sites. It is a javascript browser hijack. If you can ascertain where you picked it up from be kind enough to notify the site admin, otherwise move on and follow the steps you took. If you have continuity set up on your devices you may have opened the same website on your iPhone that was on your iPad.

Jan 3, 2016 7:16 AM in response to deggie

You misunderstood me. I don't actually have the issue anymore and I was not saying it was limited to iffy sites, but those are the sites where it seems one can contract the "bug". If you read my post I clearly state that it started on my iPad, then "jumped" to my phone, a device that is NEVER used for iffy sites. Yes, it was an iffy site on my iPad(probably sports streaming, I don't actually watch p0rn, that was just an attempt to be funny) but, immediately after this first occurred, when I used my iPhone to go to yahoo.com, I was redirected to the mobfree site. In your case, I would bet you $1000 the SI.com site is fine and you picked it up somewhere else. Or maybe someone else in your household was surfing iffy sites. Once the bug is active, it can spread and can also occur on almost any website.


I am here cause my friend asked me about it yesterday. It only happened to me once and has not happened since. I am not looking how to fix my devices, they are fine, only trying to get to the bottom of this.


Maybe it has something to do with javascript, but there is certainly more to it as it can spread on a network.


And yes Apple does have a type of sub-network or network configuration protocol, it's called AppleTalk, Bonjour, or whatever they call it now. Apple devices use it to talk to each other. I bring it up, as well as my wireless router, and a possible DNS hijacking, cause this can definitely spread between devices.


Also, many people on here have done a full reset of their device and it still happens, which tells me the bug is still resident somewhere in their environment outside of the device that has been reset.


I'm assuming you found information about the specifics of the mobfree.click javascript hacking from another location. If you would please direct me to the information so I can educate myself further. Thank you!

Jan 3, 2016 1:42 PM in response to SoonerJJJ

Apple quit supporting AppleTalk in 2009 and did switch to Bonjour. Bonjour is not only for Macs it can run on other OS's and is for quickly identifying devices and setting up networks. It is not a sub-network.


You should also read this: Use Continuity to connect your iPhone, iPad, iPod touch, and Mac - Apple Support


No, I specifically picked up the hijack from the si.com site. There is no one else in the household and the hijack is not specific to "iffy" websites. Others have picked it up from other reputable sites.


http://www.macissues.com/2015/03/24/how-to-overcome-safari-hijacked-by-a-javascr ipt-warning/

Jan 3, 2016 6:23 PM in response to RKDUBBS

ive been have the same issues took down from reading yall post it seem to have something to do with the JavaScript in the ads on different websites because I don't go to Walmart website and I always seem to get this mobclick mess 1st on mocospace website real heavily then it just start on tagged website but once I did this so far the best way to fix it is downloading a ad blocker for the App Store preferably one with a whitelist feature I've not had the issue I hope this really helps

Jan 6, 2016 7:59 PM in response to RKDUBBS

TThe same thing is happening to me on my IPad Air On www.zerohedge.com. I blocked the web site in settings and at least I can just back arrow to get back to my article. Apple was a stalwart for years in blocking the hackers and malware and bugs but I think those days are over. I just hope they develop some effective software to beat these crooks.

mobfree.click re-direct- do I have malware?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.