Possible malware or phishing

So I consider myself an educated Apple user. I have "mastered" the devices since 2008 and know about DFU modes, soft/hard reboots and the like. This, however, is probably the first time ever that I seek help on these devices. It was two nights ago when I was using my phone and tablet when suddenly, one after the other, they rebooted. This is not something that happens often, or ever for that matter, since I take care of them. Both devices are not jailbroken but seem to have been hacked.


The Problem:


Every now and then when I am using a browser, when opening a link or URL, I get sent to this:

User uploaded file

It has happened with Facebook, Messenger, Safari, Mozilla Firefox. I have tried clearing the browsing data, logs, cookies and rebooting the phone after. Deleting the programs also did not solve the problem. The problem continues even when not on Wi-Fi. I assume the iPad 2 is in the same boat, but I use my iPhone 6 Plus more, so I get more of this there. I tried numerous protection apps from the App Store, but nothing has worked so far.


Sorry if I made the post inaccurate or in some way as it should not be, but it's 1:16 am and I have no idea what is causing this and how to fix it.

iPhone 6 Plus, iOS 9.2

Posted on Jan 5, 2016 3:18 PM


Jan 5, 2016 3:29 PM in response to ckuan

So the random simultaneous iPhone and iPad restarts were not from malware injection? I got redirected from a very normal website that doesn't even have visitors that are that well computer orientated, yet I find it hard to believe that they would have such scammy ads.


This has happened more times in the past days than random popups have ever. And the links have nothing in common between them.

Jan 5, 2016 3:57 PM in response to Angelhubev

Is the phone jailbroken? If yes, then all bets are off when using software that has not been vetted by the App Store. Not that the occasional bad app gets in, but it's rare.


It's also possible your router has been hacked, and the redirects are coming from there. All routers have some way of resetting them to factory condition. Usually a small button you hold in for several seconds. Consult the manual for your device for the correct procedure. This of course doesn't apply at all if it happens anywhere you are with your phone.

Jan 5, 2016 4:06 PM in response to Angelhubev

There's nothing to fix, and you can't fix someone else's websites; you have to stop visiting those sites.

And if you care, write them about it.


As for you, make a local backup and then restore the device as new and test.

If it's working, restore from the backup and test again.

If it starts happening again, it has something to do with the backup.

Restore as new again and manually sync back the stuff you want.

Jan 5, 2016 6:16 PM in response to Kurt Lang

It seems I have stumbled across the legendary onclickad.net malware/virus. What my till-4am reading has led me to understand is that it injects itself into browsers, modifies host files and spreads. It's able to modify the router's DNS settings, and iOS handheld devices are not immune to it. This is very disturbing, as I do not want to relinquish my photos to some spammy ad-redirecting site. However, I think everything is infected. Earlier today even my Steam account opened a link to that site it pops open to from my Mac. I do use adblock on Safari, so I didn't notice it here like I did on my iPad and iPhone. But people say that it's highly possible to have infected my router by now. Looks like I am forced to clean install everything in my house unless we find a solution.


Just checked. It has infected my grandma's iPad Air as well. She is incapable of getting apps and, other than Facebook and Skype, doesn't use the device...

Jan 6, 2016 6:37 AM in response to Angelhubev

This shouldn't be possible on an iOS device. Which isn't the same as saying impossible. But the OS and the installed apps are supposed to be completely locked down against any kind of injection or other modifications. Which is what System Integrity Protection is for in El Capitan.


I'll see if I can get Thomas Reed to look at your topic. He's an actual malware expert for the Mac platform.
