mega.viral-content.site POP-UP

It doesn't matter how hard it is to get. It doesn't matter that it happened in one country. It matters that it happened at all, and it's not the only bad malware that's been encountered on iOS. My point is telling less informed iPhone users that it can't happen on their phone or that it doesn't exist isn't the right thing to do. It can happen, and it does happen.

This specific iOS browser hijacker is currently being reported in several places (iMore for example), and if you look it began at roughly around the same time.

Other things that I found when it was being reported on computers is that it steals private info (banking info, passwords, etc. etc. etc.). I don't know what it's currently doing now that it's on iOS, but it can't be good.

That's all true, but that not what concerns users. They're concerned when it's something that can happen easily, and with little or no intervention from them.

The one you refer requires two thing: You must first install software in Windows knowing that its purpose is to steal software. You must then connect your iPhone to that same Windows computer to make it possible to steal software from the App Store. What the Windows software doesn't tell you, of course, that the trade off is all the things it does to your iPhone behind your back you don't want it to do.

Not a thief? No need to worry. So yes, it matters a lot.

This is behaving like a browser hijacker, which does not need manual installation from the end user (well, actually they can install it if they're tricked into it by a fake "except cookies" or similar notice).

It sure sounds like it behaves that way, but there hasn't been anything yet to point to the actual cause. Clicking a popup to accept cookies (as I ran into, but didn't go for) shouldn't be able to do anything to a non jail broken iPhone or iPad. There is no admin password to enter so you can somewhat (or fully) bypass the OS's warning. iOS and all of its installed apps are locked down.

All apps, including those from the App Store are required to be sandboxed. They aren't allowed in any way to write files anywhere other than within their own application package. They can talk to one another, such as if you click a link in an email and it opens Safari. Then at the top left in Safari, you'll see a small link you can touch for "Back to Mail". But that's all it can do as far as interaction with another app.

Has someone discovered something new to get by iOS's restrictions that no security firm or even Apple knows of yet? It would be foolish to say it can never happen. All software, especially complex software has flaws in it that haven't been discovered, or have been but not fixed yet. Right now, there's too many ifs. One person can't go to a particular site without getting redirected. I go to that same site and nothing happens. An iPhone that had no issues before upgrading turns into a headache after doing so, but only to a very small number of users. Why? That's what we don't know yet.

Thank you so much! This finally helped me out appearently.

This is most likely to be a hacked ad network like adsense. This kind of attack always is.

That would explain why adblock stops it, why disabling javascript stops it, why this is happening worldwide and why clearing cookies (in this instance the ad-networks targeting cookies) stops it.

Pokemon GO and iOS 9.3.3 are two major releases that somewhat matches the timeframe of this incident, but it is very unlikely that these could inject anything into your browser.

To proceed, we need to verify that this problem does not happen on ad-free sites, testing - like Kurt Lang mentioned - sites like google.com and apple.com.

Then, we need to isolate the ad network, by finding those that the "infected" sites have in common. Unfortunately I have not been able to pick up the disease on my iPhone that have both 9.3.3 and pokemon GO installed (it's for my kid, no seriously!)

To try and help, even though my problem appears to be solved - I received the pop up when visiting www.bold.dk - if visiting mobil.bold.dk the site worked fine. So it was only when visiting the desktop version on iphone, that the problem

persisted.

As far as I have read, others have also experienced the problem when visiting sports sites, and/or sites with betting commercials etc. which is the same case for www.bold.dk

I was afraid that my Mac would end up with the same issue, as I of course have both my iPhone and Mac linked to iCloud, but the homepage worked out fine on my Mac all the time.

Besides this - I have also updated to iOS 9.3.3 and use Pokemon GO rarely.

I've been having the same problem, too, except it's not on Safari, which is acting fine. I do not have Pokemon Go, nor have I ever installed it. I keep getting the pop-up on my Facebook app. It pops up whenever I click on a link within the app itself, so it uses its internal browser. The settings for the app in the phone's settings do not allow you to block cookies or clear browser history. I've done all the other steps mentioned in here, including clearing history/data from Safari and blocking cookies, even though Safari hasn't been the problem. I've also:

-Restarted my phone every time it pops up in Facebook

-Swiped the app up to close it, then restarted it

-Deleted and reinstalled the app from my phone

None of this seems to be working, and my facebook app is pretty much useless (<- that may not be a bad thing, I have sh** I should be doing instead). My phone is not jailbroken, either.

Update: So after posting this, I went into the Facebook app's settings (in the app itself) > security> active sessions. I had 12 active sessions, and 4 of them were from unknown locations including 1 unknown device, and 1 device I didn't recognize. The rest were from recognized locations and devices. I closed the 4 that were unknown in some way, and left the other 8 open (they were connected to calendar apps, etc). This seems to have fixed the problem for now. I'm able to click on links in the app without getting the pop-up.

However, that's a little scary to see that unknown devices were tapping into my app. Some of the sessions started as far back as September. The first one on the list that was unknown was started 2 days ago, though, when I first started noticing the problem.

I disagree. There are many things that can cause this behaviour: Profiles, proxy setting, search engine setting, or some content blockers which can behave in that way.

Recently I have seen a "content blocker" which works only on WiFi. And guess what, it simply sets a PAC file to the wifi connection! the PAC file was somewhere on a remote server. Just imagine, what if the owner of the PAC file just writes a simple redirection to an annoying ad-page?

iPhone is almost bulletproff and I agree this is not a virus. this is just a user issue, who clicks (not necessarily aware) on the wrong button or installs wrong app.

pasting what I wrote in Re: Virus on iPhone 6s?!

1. you get it only when doing a search? if yes, look on the Settings > Safari > Search Engine - see if it's set to google

2. second thing I would look at is Profiles. Settings > Profiles and delete any suspicious profiles. if you are not using a company phone, you can delete all profiles which are there. if the Profiles is not shown, ignore this step, you have no profiles set

3. third thing can happen on Wifi - look at wifi settings, if there's a proxy server set. if yes, set it to None

4. fourth try, look if you have any extensions (in iOS content blockers only) installed. if yes, try to remove them.

I'm pretty curious if this helps

problem has been solved.

It was a hacked ad network account that was used to introduce this annoying ad on multiple sites

There are many things that can cause this behaviour:

That's essentially what I said:

Right now, there's too many ifs. One person can't go to a particular site without getting redirected. I go to that same site and nothing happens. An iPhone that had no issues before upgrading turns into a headache after doing so, but only to a very small number of users. Why? That's what we don't know yet.

Per Thomas' note after yours:

It was a hacked ad network account that was used to introduce this annoying ad on multiple sites

Doesn't surprise me at all the problem was outside of iOS. Again, not saying it's literally impossible to attack iOS, but it's extremely difficult. Per the other forum where the issue seemed to happen to a lot of people all at once, not all of whom had updated their iPhones or iPads, that almost immediately tells you the problem is not the device.