User profile for user: Huelo
Huelo Author
User level: Level 1
23 points

Privacy - r3.o.lencr.org - keeps connecting on iPhone 13 - how to stop these Malware infections?

I have my iOS 16.3.1 - Phone 13 set with the new security feature Lock Down enabled. From privacy checks, after restarting the device, it is automatically connecting to this website: http://r3.o.lencr.org/

I have read about this domain on Apple Support community, where a highly rated response said that it is a Malware.


Furthermore, Apple support advised that I should perform a Reset after consulting with them about this, which I duly performed. Yet, a few days later, I can see the reset iphone is still calling home to http://r3.o.lencr.org/, which is very concerning?


I live in Australia, and note that (sadly) our govt recently (in late 2021) passed in secrecy some very draconian secrecy laws aiming at VPN services:


https://www.techspot.com/news/91071-australia-passes-surveillance-bill-police-take-over-accounts.html


I also read that letsencrypt org (lencr.org) uses the same website address as the r3.o.lencr.org! however, I am unable to see that particular website listed by letsencrypt? Furthermore, it seems bizarre that letsencrypt org could adopt exactly the same website address as a well known Malware targeting Windows and Mac users - why would they choose to choose a domain name the exact same as a known Malware?


I reached out to Apple a second time, and after blocking the http://r3.o.lencr.org/, and it’s https variant using Screen Time app (via Content and Privacy restrictions), I now find that Safari is broken. I now can not create a Private Tab…only have the option for non private tabs now. I am wondering if I am targeted for this new draconian surveillance laws, which is now sadly permitted for use Australia. I do use a VPN (Mullvad) and can see that accrues an enormous amount of apps (360) contacting this domain in Privacy Reports in short periods of time. Sadly, I may be under surveillance possibly because of my political viewpoints (opposing US hegemony), and figure this might’ve why I am being targeted.


Sadly, Australia now has the most draconian internet laws in the so called “free world.”


Feeling quite privacy compromised on a platform that emphasizes it’s privacy credentials : (


Hoping someone knows how to block the http://r3.o.lencr.org/ and it’s https variant - without breaking Safari - as outlined above??


Thanks L


iPhone 13, 16

Posted on Mar 10, 2023 8:39 PM

Reply

Similar questions

2 replies
Sort By: 
User profile for user: Huelo
Huelo Author
User level: Level 1
23 points

Mar 10, 2023 9:44 PM in response to shoeluvr13

Hi shoeluvr13, thanks for your input, however I did mention that the Malware uses the same domain name as the LetsEncrypt site in my query. The fact that Malware can hijack a well known domain that verifies encryption is scary in it self. How is a user to know whether it is connecting to the Malware site or the LetsEncrypt SSL site? Very scary😱

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Privacy - r3.o.lencr.org - keeps connecting on iPhone 13 - how to stop these Malware infections?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up