iOS Malware



The below list is not exhaustive and is meant to provide an overview of the most prevalent iOS malware impacting US victims. This page is updated regularly with new information.


iOS is a “closed-source” operating system (OS) developed by Apple for its mobile devices. It first launched in 2007 with the release of the first iPhone and was initially named “iPhone OS 1.” Though IBM’s Simon was the first cellular phone to include “personal digital assistant” (PDA) features, the iPhone was the first mass-market touch-screen “smartphone.” In 2008, iPhone OS 2 was released with increased capabilities, adding third-party apps available through what is now known as the App Store, and location services using the Global Positioning System (GPS). Apple changed the OS name to iOS with its fourth iteration in 2010, as it was by then running on the iPod touch and the new iPad tablets as well as the iPhone. This release also came with FaceTime, providing video calling on users’ mobile devices. In 2011, iOS 5 introduced Notification Center, iMessage, Siri, and iCloud. This also marked the first time that iPhone users received over-the-air software updates, no longer needing a USB connection to iTunes for updates. With iOS 6, Apple launched Apple Maps, a direct competitor to Google Maps. The OS underwent a major design overhaul with iOS 7 and integrated new additions such as Control Center (with quick toggles for Bluetooth and a flashlight), AirDrop, and Touch ID for biometric authentication on the iPhone 5s. Apple focused on usability for its iOS 8 release and launched Apple Pay with the iPhone 6. In 2015, iOS 9 introduced 3D Touch and Apple Music, as well as improvements to Siri. iOS 10, released in 2016, marked a new chapter for Apple as it opened the Siri, Maps, and iMessage software development kits to developers. Apple’s latest release, iOS 11, was announced in June 2017 and includes various user interface improvements and a new “Do Not Disturb While Driving” function for iPhone that, if enabled, automatically silences alerts and keeps the device’s display off while the user is driving.



iOS malware is malicious software designed to exploit Apple’s iOS operating system running on smartphones, tablets, and other devices. Some variants of iOS malware have the capability of disabling the device, allowing a malicious actor to remotely control the device, track the user’s activity, lock the device, or encrypt or steal personal information transmitted from or stored on the device. As users increasingly turn to mobile devices for both business and personal use, cyber threat actors are increasingly devoting their efforts to developing malware designed to compromise mobile devices, including operating systems, like iOS, and applications, like those available in the App Store. Android devices have historically seen more malware threats than iOS, largely because Android’s more open app-distribution model permits installing (“sideloading”) apps from outside the official store, whereas iOS normally confines unmodified devices to App Store-reviewed apps; however, malware specifically targeting iOS has increased in the last two years, and various threat actors, including nation-states and the most sophisticated criminal groups, are likely investing in research and development towards malware intended for Apple products.


  • Ransomware – a type of malware that encrypts or steals sensitive data and demands a payment to either decrypt or return it. Mobile ransomware began with a “lock screen,” often accusing the victim of viewing unlawful content, demanding money for the device to be unlocked. It evolved into malware that encrypts all files on the mobile device and demands payment to provide the decryption key for access to the files.
  • Adware – the most common app-based mobile threat, adware is malware that automatically delivers advertisements to the infected device to generate revenue for the threat actor. It changes browser settings, collects personal information such as the victim’s phone number and email, and modifies home-screen icons and settings. Some adware has evolved to be able to jailbreak (iOS) or root (Android) infected devices.
  • Trojan – a type of malware disguised as a legitimate file or application; the user unintentionally installs the malware onto their device. Trojans can provide threat actors with unauthorized access to the victim’s device and allow them to download additional malware onto the device. This type of malware can have a severe impact and often results in the theft of sensitive information. There are many types of trojans, named for their function, including banking trojans, trojan downloaders, and spyware.
  • Rootkit – a type of malware that gives threat actors persistent, root-level (full administrative) access to the targeted device while concealing its own presence from the user and from security tools. Users are typically infected via malicious apps disguised as legitimate applications or via trojans previously installed on the device. Rootkits provide threat actors with full control over the device and are also likely able to download additional malware and applications, spy on the user’s browsing habits and emails, steal credentials, listen to conversations, take photos, locate the phone via GPS, and use the device for click fraud.


iOS malware can infect a user’s mobile device through several means, including clicking malicious links in emails or SMS texts, opening infected email attachments, visiting a compromised website, downloading an infected application, connecting to an unsecured or malicious WiFi network, or downloading a malicious file. Once a device is infected, a threat actor can conduct nefarious activity and load additional malware onto the device. Devices running iOS are far more vulnerable to threats if they are “jailbroken” – the act of modifying the OS to strip it of the restrictions imposed by Apple and the user’s carrier, including those meant to protect it from malware infections, such as code signing and the restriction to App Store-reviewed apps.



  • Immediately apply operating system and application patches and updates.
  • Use a strong, unique Apple ID password and enable two-factor authentication.
  • Enable Touch ID for unlocking your device and for making purchases through iTunes, the App Store, and Apple Pay. Touch ID supplements, not replaces, the passcode, so also set a complex passcode: on older iOS versions, turn off the Simple Passcode (four-digit) option; on current versions, choose Passcode Options to set a longer numeric or an alphanumeric code. Additionally, enable the Erase Data option so the device is wiped after ten failed attempts, preventing a threat actor from brute-forcing the passcode.
  • Have your device set to automatically lock the screen when not in use and require a passcode or biometric authentication to unlock it.
  • Enable the Find My iPhone service in the event your phone is lost or stolen. This will give you the option to remotely wipe your device.
  • Disable Siri access from the lock screen so that it can’t be used to bypass the iPhone’s lock screen.
  • Avoid “rooting” or “jailbreaking” devices, as this can weaken or disable security settings, making the devices more susceptible to malware infections.  
  • Avoid downloading applications from third-party app stores.
  • Disable Bluetooth when it is not required or in use.  
  • Consider downloading or purchasing a reputable anti-malware application that scans apps when downloaded and when they are being updated.
  • Avoid responding to, or clicking links within, unsolicited text messages. Never trust text messages sent from an unknown user.
  • Never input sensitive personal or financial information onto forms on an unencrypted, unsecure webpage. Only use secure sites that display HTTPS in the URL.
  • Avoid accessing any public or unsecured WiFi network. If you must use an unsecured WiFi connection, use it in conjunction with a virtual private network (VPN) and avoid logging into personal or financial accounts.
  • Turn WiFi off when not in use.
  • Scrutinize the permissions requested by applications. Avoid granting applications permissions above what should be necessary to fulfill their function. For example, a fitness app would likely not require, and therefore should not be requesting, SMS read/write access to your mobile device.
  • Organizations operating with BYOD policies are urged to educate employees on mobile threats and vulnerabilities, implement monitoring and endpoint protection on all mobile devices, establish the capability to remotely wipe lost or compromised devices, and ensure programs and users have the lowest level of privileges necessary to complete tasks.  


  • Apple provides an iOS Security Guide for iOS 10 here.


If you or your organization is the victim of an iOS malware infection, please report it to the NJCCIC using the Cyber Incident Reporting form on our website. Victims can also report incidents via email or by phone at 609-963-6900, extension 7865.