iPhone 15 hacked with rootkit malware and iOS Account Manager access

I used to be in the same ignorant bliss most of the replies are in when they try to discredit and discount people who say they think their iPhone is hacked and is still being hacked. I would’ve called you nuts too, that a multi-billion-dollar company’s security could be so easily and fully compromised and taken over going after a nobody. But I’m living this nightmare as we speak. Right after getting my crypto wallets drained by malware a month ago and removing that, I got cooked BAD by the most insane malware I’ve ever seen. I was trying to use a recovery tool to view a deleted iMaze iOS backup, after I had been worried about an infection from a link I clicked on Twitter that, in the OS15 sandbox, installed and elevated permissions using a zero-click miltre attack. I recovered the deleted PLI and unfortunately, of course, downloaded a top-hit PLI viewer which ended up being rootkit malware and much, much more. Behavior on my Windows device (I will keep it short) is almost like someone is constantly there trying to mitigate my removal. What happened to malicious download warnings? Used all tools, reset to factory settings, etc. When I set the BIOS to default, with drive erase at next boot, it stopped that from happening and installed a second BIOS UEFI which, when I click to edit, automatically boots the drive. So why am I posting here? WELL, my up-to-date iOS 18 iPhone 15 device is being fully mirrored, with camera, all keychain info, app data, microphone, and eSIM access, using a tool called iOS Account Manager.



[Re-Titled by Moderator]

Posted on Jan 17, 2025 12:08 AM

Question marked as Top-ranking reply

Posted on Jan 17, 2025 12:08 AM

I’ve been noticing lag and my iPhone fighting me to do things, cloning of legitimate https URLs that display lookalike pages with slight differences compared to how they load on a clean phone, and account security prompts trying to get me to allow my device to bypass 2-factor authentication. Thank god for 2-factor, right? WRONG. While on a tech call with Norton LifeLock, who said nothing would be on my computer after the steps I took, the malware signed my freshly erased computer into Skype with a Gmail I’ve never used for Skype or on that computer. What about 2-factor? I never got a message on my device, but I’d assume they intercepted it. And then, when I tried to show how wrong the tech support was after they told me my system was fine, I lost control of the mouse when trying to pull up the tab for shutdown. And it actively prevented my iPhone from receiving their email for a picture upload. How do I know this? Well, I received all of the other emails before and after the image upload email was sent, and it was only viewable after I re-enabled iCloud on the web and viewed my inbox there. I honestly don’t know what to do at this point. I’ve had persistent malware before, but not one that is infecting across devices, mitigating all of my password resets and 2-factor authentication, and setting device security keys with my mirrored device to lock me out. I’ve been awake for almost 3 days trying to fight this cook, and idk what to do anymore. I cannot believe this is possible, let alone happening to me. I’m unemployed, broke, and have a ****** credit score. Not a high-value target at all whatsoever, yet they have fully compromised my data inside and out despite 3 hours of support calls with Apple leads who say this falls outside of their support and I should call the authorities. 
And definitely Google, because this isn’t possible in the iOS ecosystem and clearly it’s a security issue with Google since it’s their 3rd-party app, and my email accounts are showing warnings of suspicious activity and password change attempts USING my iPhone signature and location, with iOS Account Manager showing under device details. All of the forum posts I’ve read give me a pit in my stomach because they sound exactly like what I’m experiencing right now. And once it started, nobody has been able to find help. I’ve reset my passcode, clean erased with no iCloud data backup, and changed passwords so many times I’m even starting to forget them. I already have enough issues to deal with, let alone being targeted by next-level spyware. Everyone farting around at Apple says it isn’t possible on iPhone, and if an exploit was found it would be quickly patched. I’d love to hear what they have to say about a COMPLETE system manipulation with FULL, EXTENSIVE, PERSISTENT CONTROL of a person’s entire online identity by using an iCloud sharing exploit to mirror their phone. The Apple person said it wasn’t possible to view iCloud backup data, because even Apple can’t view it. And I was like, what about the third-party app I used to do that exact thing? Their response is they only understand/work within the Apple ecosystem. I was paranoid enough thinking I may have gotten my iPhone hacked, but now that it is happening and snowballing so out of control that the only people who could help are the authorities, I wish again for that ignorant bliss, where every action I took wasn’t being monitored and used to exploit me in some way. I’m not even being paranoid anymore. I’ve tried to justify everything to myself to feel better, but I’ve never experienced anything like this before and I’m scared. I can’t even use my own Face ID protected phone to do anything anymore. 
I talked to T-Mobile, who were very adamant that they truly believe what I am experiencing because they had themselves seen posts on social media about this happening. They said they are going to reach out to the Apple team and try to find a solution. I paid for LifeLock premium to get their device malware removal support and they just said I’m good because their tool and tech don’t see anything, and exactly what I’ve done is their last counter to malware removal because “malware can’t survive system and OS install”. And if I still think I have malware, I need to reach out to Microsoft or a local tech for support. The first malware I got wasn’t detected in any of the security apps on the market but did scary things in the VirusTotal sandbox. I know I have malware and this is next level. I’m scared I’ll literally have to use a good portion of that 1 million dollar liability for mitigation of identity compromise.


Jan 31, 2025 07:58 AM in response to Shutoutaluck

I have had something similar happen to me too. My new iPhone 15 Pro Max was hacked via my home network being compromised, and a rootkit RAT trojan was injected into all of my devices. Factory resets do not work, but that is the only thing that Apple offers. The hackers then cloned my freaking phone and wiped my iCloud recovery key, so I ended up being locked out of my own phone and losing all of my family photos, docs, etc., as well as access to all of my email accounts and apps on the phone. The malware that was used is tweaked ever so slightly to mimic the legit BIOS recovery files on each infected device. So when you wipe a Windows laptop or an Apple iPad, as soon as you set it up again, within 24 hours the devices will show the tell-tale signs of being infected.

Here's what I have learned so far, and hopefully this may help others:

  1. Turn off bluetooth. Infected devices are constantly pinging other devices nearby via bluetooth, even when they're not in pairing mode.
  2. Delete FaceTime. I caught audio recordings on my phone and saw that my calls were being recorded.
  3. Delete the Health and Fitness apps. The malware on my devices uses those two and it's embedded into the bios files.
  4. Turn off cellular data for FaceTime, the camera app, photos and notes.
  5. Turn off the camera/microphone access, Apple intelligence and Siri features for all apps not needed.
  6. Don't use Face ID but use a passcode instead. Put a passcode on all important apps, e.g. banking/email apps.
  7. Go into the privacy settings and find the Health/fitness data and delete it. That's where the malware was on my Apple devices. You will need to do this every few days unfortunately.
  8. Put a SIM PIN immediately on your iPhone since it sounds like it may have been cloned like my phone was.
  9. Backup everything on your phone except for unnecessary apps.
  10. Don't save any passwords to your phone or iCloud. EVER.
  11. If you use Gmail or Facebook, be sure to delete all of the saved WiFi connections stored there. They make it easier for them to keep finding you and reinfecting your devices.

Good luck!

