Despite Apple's best efforts, malware occasionally sneaks onto the App Store. Phishing is a persistent threat, as is the risk of encountering malicious content while browsing. There is also a growing threat from zero-day exploits, many of which are discovered and weaponized by commercial spyware developers and require no clicks or any other interaction from the victim.
In this context, it makes sense not only to take proactive measures to keep your devices safer, but also to learn the warning signs of a malware infection and how to act quickly in a worst-case scenario.
How to Check iPhones for Signs of Malware Infection
Common signs that your iPhone might be infected include:
Increased Data Usage: Unexpected spikes in data consumption might indicate malware communicating in the background. Settings > Cellular lists the data each app has used since the counter was last reset, so an app you rarely open sitting near the top of that list deserves a closer look.
Battery Drain: If your battery runs down faster than normal, it may be a sign of malicious processes running without your knowledge. Settings > Battery shows per-app battery use, including background activity, for the last 24 hours and the last 10 days.
Overheating: Devices do get warm through continuous use, especially in the hotter months, but a device that becomes unusually hot while idle could be doing work you did not ask for.
App Crashes: iOS normally offers a stable, optimized experience, so frequent crashes or unresponsiveness, especially across several apps, are a sign that something is wrong. Failed exploitation attempts often crash the process they target, so the crash logs under Settings > Privacy & Security > Analytics & Improvements > Analytics Data are worth keeping, even if you cannot interpret them yourself.
Pop-up Ads: Unwanted pop-ups are annoying at best and, if tapped, malicious at worst. On iOS they usually come from a website, from a calendar you were tricked into subscribing to (check Settings > Calendar > Accounts) or from an adware app, rather than from anything deeper in the system.
Unexplained Changes: Are there new apps you don't remember installing, settings that have changed, or a new wallpaper? Check Settings > General > VPN & Device Management for configuration profiles or a device management enrollment you did not set up: a profile can install root certificates, proxies and VPN settings that let someone else inspect your traffic. All of these are red flags that something has made unauthorized changes to your device.
An Eye-watering Phone Bill: Some malware makes money for its developers by using premium-rate services in the background. The first you may learn of such activity is your monthly phone bill.
You're Spamming Your Contacts: Some malware hijacks your accounts to send malicious or unwanted messages to your email, address-book or social-media contacts. If they start complaining en masse, investigate the cause. Bear in mind that this symptom more often means a phished password or stolen session for the account than malware on the phone itself, so change the password and sign out other sessions as well as checking the device.
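For anyone who can get at a backup of the phone (a user with a Mac or PC, or an IT team that collects backups), the "unexplained changes" and "is iOS current" checks above can be scripted. The following is an added example, not ESET's code and not part of the original article: it reads the Info.plist that Finder/iTunes writes at the top of every backup folder (a plaintext file even when the backup itself is encrypted), compares the installed bundle identifiers against the last known-good backup and an approved-app list, and flags an iOS version older than the one you consider current. Both plists, the approved list and the "17.3" reference version are constructed for the example; real Info.plist files carry more keys (serial number, build, backup date), which the script ignores.

```python
import plistlib
from typing import Dict, List, Set, Tuple

# Constructed samples of a backup's Info.plist. The key names ("Product Version",
# "Installed Applications", "Device Name") match real Finder/iTunes backups; every
# value below is made up for the example.
LAST_GOOD_BACKUP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Device Name</key><string>Finance iPhone</string>
  <key>Product Type</key><string>iPhone14,5</string>
  <key>Product Version</key><string>17.2.1</string>
  <key>Installed Applications</key>
  <array>
    <string>com.example.corp.expenses</string>
    <string>com.example.bank.mobile</string>
  </array>
</dict></plist>
"""

CURRENT_BACKUP = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Device Name</key><string>Finance iPhone</string>
  <key>Product Type</key><string>iPhone14,5</string>
  <key>Product Version</key><string>17.2.1</string>
  <key>Installed Applications</key>
  <array>
    <string>com.example.corp.expenses</string>
    <string>com.example.bank.mobile</string>
    <string>net.example.freevpn.proxy</string>
  </array>
</dict></plist>
"""

# Assumed: the apps this organisation has approved, and the iOS release it treats as current.
APPROVED_APPS: Set[str] = {"com.example.corp.expenses", "com.example.bank.mobile"}
LATEST_IOS = "17.3"


def load_backup_info(raw: bytes) -> dict:
    """Parse Info.plist; plistlib detects XML vs binary plist on its own."""
    return plistlib.loads(raw)


def parse_version(version: str) -> Tuple[int, ...]:
    """'17.2.1' -> (17, 2, 1) so releases compare numerically rather than as strings."""
    return tuple(int(part) for part in version.split("."))


def diff_installed(previous: dict, current: dict) -> Dict[str, List[str]]:
    """Bundle identifiers that appeared or disappeared since the previous backup."""
    before = set(previous.get("Installed Applications", []))
    after = set(current.get("Installed Applications", []))
    return {"added": sorted(after - before), "removed": sorted(before - after)}


def triage_backup(current: dict, previous: dict, allowlist: Set[str], latest_ios: str) -> dict:
    """Return the device summary plus a list of human-readable findings."""
    findings: List[str] = []
    ios = current.get("Product Version", "0")
    if parse_version(ios) < parse_version(latest_ios):
        findings.append(f"iOS {ios} is behind {latest_ios}: update before doing anything else")

    changes = diff_installed(previous, current)
    for bundle in changes["added"]:
        findings.append(f"app added since the last known-good backup: {bundle}")

    unknown = sorted(set(current.get("Installed Applications", [])) - allowlist)
    for bundle in unknown:
        findings.append(f"app not on the approved list: {bundle}")

    return {
        "device": current.get("Device Name"),
        "ios": ios,
        "added": changes["added"],
        "removed": changes["removed"],
        "unknown": unknown,
        "findings": findings,
    }


if __name__ == "__main__":
    report = triage_backup(load_backup_info(CURRENT_BACKUP),
                           load_backup_info(LAST_GOOD_BACKUP), APPROVED_APPS, LATEST_IOS)
    print(f"{report['device']} (iOS {report['ios']})")
    for line in report["findings"]:
        print(" -", line)
```

Point the two loaders at the Info.plist files of a real backup pair to use it for real. A new bundle identifier is only a lead, not a verdict: confirm what it is on the App Store or with the user before deleting anything, and remember that a phone with no suspicious app and a current iOS can still be carrying a non-persistent implant, which is exactly what the reboot step below is for.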
How to Remove Malware from Your iPhone
Cybercriminals, abusive partners and even government spies may target your device(s) for eavesdropping, data theft and more. If the worst happens and you find malware on your iPhone, follow these steps to contain and mitigate the threat as rapidly as possible. One caveat first: if you suspect targeted spyware, take a full backup before you erase anything, because wiping the phone also destroys the evidence a forensic analyst would need.
1. Restart Your iPhone: Power the device off (Settings > General > Shut Down works on every model), wait a few seconds and turn it back on. A reboot halts any malicious process that is running, and because many iOS spyware implants do not survive a restart, this alone can evict them until the next exploitation attempt. It does not fix the vulnerability they used, which is why the next step follows immediately.
2. Update iOS: Go to Settings > General > Software Update and install the latest version, and turn on Automatic Updates so the device is never left running a release whose vulnerabilities are already public and patched.
3. Clear Browser Data: A malicious page cannot install itself into Safari's cache, but clearing history and website data removes the session cookies, cached scripts and site permissions a fraudulent site may rely on. To clear it:
- Go to Settings > Safari
- Tap Clear History and Website Data
- Confirm the action
This has the extra benefit of ensuring you don't revisit malicious websites via your browser history or address-bar suggestions.
4. Delete Suspicious Apps: Malware sometimes lurks inside legitimate-looking applications. Although it rarely makes it past Apple's App Store review, malicious apps are more likely to arrive through third-party marketplaces or through enterprise and configuration profiles. Uninstall any unfamiliar or recently installed apps whose arrival coincided with the onset of the problem, and remove any profile under Settings > General > VPN & Device Management that you did not install yourself.
5. Restore from a Clean Backup: Persistent malware survives a simple reboot. In that case, erase the device and restore a backup made before the problem began; a backup taken after infection may bring back whatever came with it:
- Go to Settings > General > Transfer or Reset iPhone
- Choose Erase All Content and Settings
- When the device restarts into setup, select Restore from iCloud Backup and pick a backup dated before the issue began
6. Perform a Factory Reset: If the above doesn't work, it's time for the nuclear option: erase the iPhone and set it up as new instead of restoring a backup, then reinstall apps from the App Store and sign back into your accounts. This erases all your data, contacts and personalized settings, so it should be a last resort:
- Go to Settings > General > Transfer or Reset iPhone
- Select Erase All Content and Settings
- Follow the on-screen instructions, choosing to set the phone up as new rather than from a backup
How Do I Keep Malware Off My iPhone in the First Place?
When it comes to device security, prevention is usually better than the cure. So, whether you’re an individual user or an IT security manager, take these proactive steps to avoid malware infection:
- Avoid Jailbreaking: Jailbreaking, or modifying your phone, may be tempting if you want to personalize your experience. But it weakens security by exposing your device to potentially dangerous applications outside Apple's "walled garden", and because most jailbreaks depend on an older iOS release, jailbroken devices cannot simply update to the latest, most secure version.
- Download Apps from Trusted Sources Only: Only install apps from the official App Store to reduce the risk of malware hiding in legitimate-looking software.
- Avoid Unknown Links and Attachments: Don't tap links in unsolicited emails or messages, and don't download their attachments. If you still want to, confirm with the sender through a separate channel (not by replying) that the message is legitimate and not a phishing attack.
- Strengthen Authentication: Use multi-factor authentication (MFA), a password manager and strong, unique passwords for every application and website. Prefer phishing-resistant factors, passkeys or a hardware security key, over SMS and one-time codes, which a convincing fake login page can capture and relay in real time. On iPhone this costs nothing in convenience: passkeys stored in iCloud Keychain are unlocked with Face ID.
- Enhance User Awareness: Update security awareness training for employees, using real-world simulations to keep them aware of the latest tricks. And ensure they know the key iPhone attack vectors, e.g. mobile applications requesting unnecessary permissions, email and SMS phishing URLs, prompts to install configuration profiles, and "Add to Home Screen" web apps that imitate real services.
- Use a VPN on Public Wi-Fi: Free Wi-Fi can imperil iPhone security and privacy through rogue access points and captive portals. Prohibit its use by policy unless via a VPN, and leave Private Wi-Fi Address enabled on each network to limit tracking.
- Configure Devices Properly: Ensure device settings are optimized for privacy and security: an alphanumeric or at least six-digit passcode, a short auto-lock, Find My turned on, Accessories disabled under Settings > Face ID & Passcode so a locked phone will not talk to a USB device, and Stolen Device Protection turned on. For a fleet, push these settings as a configuration profile from your MDM rather than relying on users to set them.
- Leverage New Features: Apple is always adding new security features, so familiarize yourself with the latest capabilities. From the most recent announcements, consider:
  - Enabling iMessage Contact Key Verification for high-risk users
  - Opting in to Advanced Data Protection
  - Using a third-party security key with the Security Keys for Apple ID feature
- Use Lockdown Mode: Considered "optional, extreme protection" by Apple, Lockdown Mode restricts functionality in order to shrink the attack surface, especially the parts of it that mercenary spyware has exploited. Among other things it blocks most message attachments, disables certain complex web technologies, restricts incoming FaceTime calls and shared content such as photos, blocks wired connections while the device is locked, and prevents configuration profiles from being installed and the device from enrolling in mobile device management while it is on. It is designed for the very few people who may be personally targeted; most users will never need it, but those who do should turn it on before they are attacked, not after.
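For the IT security manager, "configure devices properly" means pushing the settings rather than asking for them. The following is an added example, not code from the article or from ESET: it uses Python's plistlib to generate an MDM configuration profile (.mobileconfig) that enforces a passcode policy and the restrictions discussed above, then re-parses the file and lints it for settings weaker than that baseline. The payload types and key names are those of Apple's passcode payload (com.apple.mobiledevice.passwordpolicy) and restrictions payload (com.apple.applicationaccess); the organisation name, identifier prefix and the chosen values are assumptions, and the key marked supervised-only takes effect only on supervised devices.

```python
import copy
import plistlib
import uuid
from typing import Dict, List

ORG = "Example Corp"                # assumed organisation name
PREFIX = "com.example.mdm.iphone"   # assumed reverse-DNS prefix for PayloadIdentifier values

PASSCODE_TYPE = "com.apple.mobiledevice.passwordpolicy"
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def _payload(payload_type: str, display_name: str, suffix: str, settings: dict) -> dict:
    """Common envelope every payload needs, plus the payload-specific settings."""
    payload = {
        "PayloadType": payload_type,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PREFIX}.{suffix}",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": display_name,
        "PayloadOrganization": ORG,
    }
    payload.update(settings)
    return payload


def passcode_payload() -> dict:
    return _payload(PASSCODE_TYPE, "Passcode policy", "passcode", {
        "forcePIN": True,            # a passcode is mandatory
        "allowSimple": False,        # no 1111 / 1234
        "requireAlphanumeric": True,
        "minLength": 8,
        "maxInactivity": 2,          # minutes before the lock screen engages
        "maxGracePeriod": 0,         # passcode required immediately after lock
        "maxFailedAttempts": 10,     # wipe after ten wrong guesses
    })


def restrictions_payload(supervised: bool) -> dict:
    settings = {
        "forceEncryptedBackup": True,       # local backups must be encrypted
        "allowEnterpriseAppTrust": False,   # users cannot trust sideloaded enterprise certs
    }
    if supervised:
        # Supervised-only: users cannot install configuration profiles interactively.
        settings["allowUIConfigurationProfileInstallation"] = False
    return _payload(RESTRICTIONS_TYPE, "Hardening restrictions", "restrictions", settings)


def build_profile(supervised: bool) -> dict:
    return {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{PREFIX}.baseline",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "iPhone hardening baseline",
        "PayloadOrganization": ORG,
        "PayloadRemovalDisallowed": True,   # users cannot remove the profile themselves
        "PayloadContent": [passcode_payload(), restrictions_payload(supervised)],
    }


def to_mobileconfig(profile: dict) -> bytes:
    """Serialise to the XML plist that MDM servers and Apple Configurator accept."""
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


def payloads_by_type(raw: bytes) -> Dict[str, dict]:
    profile = plistlib.loads(raw)
    return {p["PayloadType"]: p for p in profile.get("PayloadContent", [])}


def lint_profile(raw: bytes) -> List[str]:
    """Re-parse a .mobileconfig and report anything weaker than the baseline."""
    profile = plistlib.loads(raw)
    by_type = payloads_by_type(raw)
    problems: List[str] = []
    pc = by_type.get(PASSCODE_TYPE)
    if pc is None:
        problems.append("no passcode policy payload")
    else:
        if pc.get("allowSimple", True):       # Apple's default is True
            problems.append("allowSimple: repeating or sequential passcodes permitted")
        if pc.get("minLength", 0) < 6:
            problems.append("minLength below 6")
        if pc.get("maxInactivity", 999) > 5:
            problems.append("maxInactivity longer than 5 minutes")
    rs = by_type.get(RESTRICTIONS_TYPE)
    if rs is None:
        problems.append("no restrictions payload")
    else:
        if not rs.get("forceEncryptedBackup", False):
            problems.append("local backups may be left unencrypted")
        if rs.get("allowEnterpriseAppTrust", True):
            problems.append("users can trust enterprise developer certificates")
    if not profile.get("PayloadRemovalDisallowed", False):
        problems.append("profile can be removed by the user")
    return problems


def weaken(profile: dict) -> dict:
    """Produce the kind of profile the lint should reject, for demonstration only."""
    weak = copy.deepcopy(profile)
    weak["PayloadRemovalDisallowed"] = False
    for p in weak["PayloadContent"]:
        if p["PayloadType"] == PASSCODE_TYPE:
            p["allowSimple"] = True
            p["minLength"] = 4
        elif p["PayloadType"] == RESTRICTIONS_TYPE:
            p.pop("forceEncryptedBackup")
    return weak


if __name__ == "__main__":
    strict = to_mobileconfig(build_profile(supervised=True))
    print("baseline lint:", lint_profile(strict) or "clean")
    print("weakened lint:", lint_profile(to_mobileconfig(weaken(build_profile(True)))))
```

Write the bytes from to_mobileconfig to a .mobileconfig file and upload it to your MDM (or sign it and install it with Apple Configurator) to deploy. The lint is the part worth keeping around: run it over every profile before deployment so a colleague's "temporary" relaxation of allowSimple or removal of forceEncryptedBackup is caught in review rather than on the phones.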
Understanding iPhone Malware Scanning
When it comes to security software, bear in mind that iPhones do not allow third-party apps to perform deep system scans. This is because of the sandboxing built into iOS, which isolates each app from the others and from the system to protect its integrity. So, while security apps can help monitor data usage, detect malicious websites and enable safe browsing, they cannot perform full malware scans of the device, and any product claiming to do so is promising something iOS does not permit. The closest thing that exists is forensic analysis of a device backup or of its diagnostic logs, carried out from a computer rather than on the phone.
ESET Tips and Insights
“In 2024, we identified a novel attack vector that exploits Progressive Web Apps (PWAs) and WebAPKs to distribute malware on Android and iOS devices. Originally intended to let users install apps directly from websites via browsers, these technologies offer convenient home screen icons for web-based services. Unfortunately, attackers have leveraged them to create malicious apps that mimic legitimate banking interfaces, capturing login details, passwords, and two-factor authentication codes to gain unauthorized access to victims’ accounts. Notably, PWAs and WebAPKs allow cybercriminals to operate outside official distribution channels including malicious ads, websites, phishing campaigns, social engineering, and compromised email attachments, thus bypassing Apple’s traditionally stringent App Store policies. Although Apple continues to bolster its security frameworks, this evolving threat environment underscores the need for heightened vigilance and proactive defenses, including verifying an app’s origin before installation.”
- Lukáš Štefanko, ESET Senior Malware Researcher
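The web-app lookalikes described in the quote reach an iPhone through Safari's "Add to Home Screen" flow, which takes the app's name and icon from the site's web app manifest rather than from the App Store, so verifying an app's origin means verifying the origin of that manifest. The following is an added example, not ESET's code and not part of the original article: a heuristic that a web proxy or threat-hunting script could run over fetched manifest.json files, flagging a manifest whose name imitates a protected brand but is served from an origin that brand does not own, together with hotlinked icons, a start_url on another origin, and a standalone display mode that would hide the address bar from the victim. The brand registry, the domains and both manifests are constructed for the example, and the checks are this author's heuristics, not a published detection signature.

```python
import json
from typing import Dict, List, Optional, Set
from urllib.parse import urljoin, urlparse

# Assumed brand registry: a normalised brand token mapped to the origins allowed to
# serve a web app under that name. Constructed; "Example Bank" is fictitious.
PROTECTED_BRANDS: Dict[str, Set[str]] = {
    "examplebank": {"https://www.examplebank.example", "https://app.examplebank.example"},
}

# Constructed manifests. The first is what the real bank would serve; the second is
# the shape of a lookalike: brand name, hotlinked real icon, served from a typo domain.
GENUINE_MANIFEST_URL = "https://app.examplebank.example/manifest.json"
GENUINE_MANIFEST = json.dumps({
    "name": "Example Bank", "short_name": "ExampleBank",
    "start_url": "/app/", "display": "standalone",
    "icons": [{"src": "/icons/192.png", "sizes": "192x192", "type": "image/png"}],
})

LOOKALIKE_MANIFEST_URL = "https://examp1ebank-verify.example/manifest.json"
LOOKALIKE_MANIFEST = json.dumps({
    "name": "Example Bank Secure Login", "short_name": "ExampleBank",
    "start_url": "/login", "display": "standalone",
    "icons": [{"src": "https://www.examplebank.example/icons/192.png", "sizes": "192x192"}],
})


def normalize(text: str) -> str:
    """Lower-case and strip everything but letters and digits so 'Example Bank' == 'examplebank'."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def origin_of(url: str) -> str:
    parts = urlparse(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def matched_brand(manifest: dict) -> Optional[str]:
    """First protected brand whose token appears in the manifest's name or short_name."""
    for field in ("name", "short_name"):
        token = normalize(str(manifest.get(field, "")))
        for brand in PROTECTED_BRANDS:
            if brand in token:
                return brand
    return None


def analyze_manifest(manifest_url: str, manifest_json: str) -> dict:
    manifest = json.loads(manifest_json)
    served_from = origin_of(manifest_url)
    findings: List[str] = []

    brand = matched_brand(manifest)
    if brand and served_from not in PROTECTED_BRANDS[brand]:
        findings.append(f"name imitates '{brand}' but the manifest is served from {served_from}")

    # start_url is resolved relative to the manifest; a different origin means the
    # home-screen icon opens a page the manifest's host does not control.
    start_origin = origin_of(urljoin(manifest_url, manifest.get("start_url", "/")))
    if start_origin != served_from:
        findings.append(f"start_url opens another origin: {start_origin}")

    for icon in manifest.get("icons", []):
        icon_origin = origin_of(urljoin(manifest_url, icon.get("src", "")))
        if icon_origin != served_from:
            findings.append(f"icon hotlinked from {icon_origin}")

    if findings and manifest.get("display") in ("standalone", "fullscreen"):
        findings.append("display mode hides the address bar, so the user never sees the domain")

    return {
        "origin": served_from,
        "brand": brand,
        "findings": findings,
        "verdict": "suspicious" if findings else "ok",
    }


if __name__ == "__main__":
    for url, body in ((GENUINE_MANIFEST_URL, GENUINE_MANIFEST),
                      (LOOKALIKE_MANIFEST_URL, LOOKALIKE_MANIFEST)):
        result = analyze_manifest(url, body)
        print(result["origin"], "->", result["verdict"])
        for line in result["findings"]:
            print("   ", line)
```

A hit here is a reason to look, not a conviction: legitimate sites do serve icons from a CDN, so tune the icon check to your own brands' known hosts. The origin mismatch on a protected name is the strong signal, and it is the one users cannot evaluate themselves once the app is on the home screen with the address bar gone.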
Don’t Take Apple Security for Granted
Although iPhones are still widely regarded as the most secure mainstream devices around, it's important not to underestimate the determination of bad actors. Apple provides a strong foundation for secure device use, but you should build on it with user vigilance, watertight policies and consistent enforcement. For solo users this means keeping software updated and being cautious about new apps, incoming messages and web content.