How to remove a virus from an iPhone

Apple or Android may be the classic fanboy duel, but in the case of viruses and malware, the winner is most definitely Apple. Due to a closed operating system and tight security protocols on the App Store, the chances of a virus on an iPhone or iPad are all but non-existent. That doesn’t mean you can be complacent, though. In very specific and rare circumstances, it is possible to get a virus on an iOS device. Here’s how to remove a virus from your iPhone if you think your device has been infected.

How did my iPhone get a virus or hacker in the first place?

Apple has a closed system when it comes to iOS and iPadOS software, in which components are heavily sandboxed. They also have a strict approval, testing, and moderation policy for the App Store. Add to that regular security patches and 256-bit AES encryption, and the chances of a virus or hacker getting into your device are extremely rare.

Saying that, there are four specific scenarios where it’s possible for an iPhone to be compromised.

You jailbroke your device

As far back as a decade ago, jailbreaking was all the rage for accessing apps and features that Apple refused to support. It isn’t nearly as popular now — Apple has closed many security exploits, and caught up in features — but some people still do it. The tradeoff for the freedom of jailbreaking is putting yourself risk of getting a virus or hacker.

If you’re new to the concept, jailbreaking is when you remove the software restrictions on a device. You can then install more apps and customizations, such as personalized app icons and fonts. The same barriers that harm customization often keep malicious software from inflicting damage, however, and Apple has been militantly against jailbreaking for that reason. That also conveniently funnels people through the App Store.

You clicked on a suspicious link on a website or in iMessage

One of the easiest and fastest ways for a hacker to get a virus onto your iPhone is through an infected link, which you’re tricked into tapping. Always be suspicious of links from sites or messaging contacts you don’t recognize, or ones that look familiar but are misspelled or behaving abnormally.

If you have your web browser’s security warnings enabled, it can often pick up when you visit a shady website. But many of us may be in a hurry doing something else and tap a link without thinking. These links can also come via the Messages app, where hackers will send iMessages or SMS messages with scam links. They might claim you’ve won a competition, got a tax refund, need to verify a bank account, or some such thing that demands immediate action. As a rule, anything that important won’t be handled via a chat app.

You downloaded an app that wasn’t in the App Store

As we said, every app in the App Store is strictly tested, vetted, and approved. So the chances of a virus-infected app reaching the App Store are extremely slim. But the same doesn’t apply if you download and install an app from outside the App Store. If someone gives you an IPA file (the iOS app format) and asks you to install it, then it hasn’t been checked by Apple, and the code could contain anything. You would be taking a massive risk installing it.

You’re the target of law enforcement or a government intelligence agency

The last possibility is one that likely won’t apply to 99% of people, but conceivably, you could be the target of local law enforcement or a government intelligence agency. In that case all bets are off, and anything could happen. The most infamous example of this is Pegasus, spyware that governments have slipped onto the phones of legitimate criminals as well as people who are simply journalists, dissidents, or foreign leaders.

By definition this sort of infection is difficult to detect, so the most you can do is adopt defensive strategies, for instance disabling your iPhone’s cameras or taking conversations offline if you’re worried a government might persecute you for them. If an organization can help you uncover an infection, it’s probably time for a new phone regardless.

9 signs and symptoms of an iPhone virus or hacker

So how do you know if your iPhone has a virus or was hacked? Here are nine possible signs and symptoms.

Suspicious charges on your phone bill, debit card, or credit card

An obvious sign that something is wrong is if you have unexplained charges on your phone bill or debit/credit card statement. Anyone that has access to your iPhone may also have access to Apple Pay, other payment methods, and/or your SIM details. If so they might call international or premium rate numbers, or start a spending spree in which you foot the bill.

Beyond statements, watch for email notifications that you’ve subscribed to a new app or service. If you don’t recognize them, you’ve almost certainly been hacked, whether on your iPhone or elsewhere.

The phone is getting slower or hotter

If you notice that your phone is getting slower or hotter, then that could be a sign of malware taxing the CPU and RAM. If your device gets unnaturally hot and slows to a crawl, then it’s time to investigate further.

It’s a big red flag if official Apple apps are constantly crashing. This goes back to the extra strain on the CPU and RAM.

The battery is draining faster than normal

If an iPhone’s battery starts draining faster, then that could also be a sign of something going on behind the scenes. Keep in mind that Apple’s own software updates sometimes trigger extra drain, and legitimate third-party apps can affect power if they need to run in the background.

Apps are appearing that you didn’t install

You should always be checking the apps installed on your phone, even if it’s just casually. If you find one that you didn’t install, then your not-so-friendly neighborhood hacker probably did it for you. They’re not doing it out of generosity, so expect malware.

Your browser settings have been changed

If you notice that your browser settings have been changed, then it really is time to send up a flare. This can include anything from your preferred search engine and browser homepage being changed, NSFW pop-ups appearing virtually non-stop, and being redirected to the wrong website (quite often a spammy and badly designed one, or an adult site). Websites can also look different than normal, with fake banners and signup forms.

Texts or call records appear on your phone that were not made by you

The tide of phone and text scams is unending, and what better way to avoid being caught than to piggyback onto your SIM card and impersonate you? If you notice any strange calls in your call log or any unrecognized texts in Messages, then it’s time to act.

Even when you’re making legitimate calls yourself, if you hear suspicious noises on the line, such as clicking or echoes, then that could be a sign that someone’s listening.

Higher than normal data usage

Another thing you should constantly monitor on your iPhone is data usage. If your consumption suddenly shoots through the roof, that could be a sign of malware funneling data to distant servers. The link isn’t guaranteed, since sensitive info can be sometimes contained in just a few kilobytes.

Your iPhone settings have been changed

If anyone wants maximum access to your iPhone, the obvious best way to go about it is to change device settings. It’s not realistic to check this frequently, but if you notice anything different that clearly wasn’t your doing, consider factory resetting your device.

Your iPhone is rebooting by itself

For an attacker to put certain system changes into effect, they may need to restart your device. If your phone suddenly starts rebooting independently, don’t shrug it off and ignore it. This could be the start of something much more sinister.

5 options to combat a virus or hacker on your iPhone

If you’re convinced that your iPhone is infected or otherwise under attack, then it’s time to take decisive action. The longer you leave things, the more damage you’ll suffer. Don’t waste time restarting your device, as some sites would have you do. Follow these steps instead.

Tell your contacts to ignore any suspicious messages

When your iPhone is compromised, there’s a decent chance an attacker has accessed your contacts app and started impersonating you, whether it’s to share malicious links or ask for money or personal data. As a precaution you should get in touch with each of your contacts using another device, warning people to ignore any suspicious messages.

Turn off iCloud, Wi-Fi, and your carrier data plan

The next step is to completely disconnect a contaminated device from the internet, including both Wi-Fi and carrier data. You should also disable iCloud, because if your phone chooses to make a backup at any point after it’s attacked, malware can be incorporated, re-infecting anything the backup is installed on.

Check your iPhone settings

Go into the iPhone Settings app and start looking for suspicious changes. These can be altered network settings, configuration profiles that you didn’t install, or unfamiliar apps. Methodically go through each section and check to ensure settings are as expected. If not, reverse them immediately.

You might also scan apps like Photos and Files to make sure that nothing has been deleted or modified. You should also change your iCloud password, and ensure that two-factor authentication is enabled.

Check your browser settings

Next, check your web browser. Has your search engine been switched? Are you being redirected to other websites which are clearly fake? Are lots of pop-ups appearing onscreen?

If so, you need to wipe your browser data. With Safari, for example, you’ll need to find its settings and clear the cache, cookies, and temporary files. With any other iOS browser, it may be faster and more effective if you completely delete the app, delete the cache, cookies, and files in iCloud settings, then reinstall. But be aware that your browser sync may have copied any unauthorized browser changes to other devices.

Factory-reset your device

The only way to reliably remove a virus on iPhone is to perform a factory reset. The steps above are really about containing fallout so you can get to this stage.

Before you do, you should:

• Go into iCloud and delete all of your backups, or at least everything after your earliest suspected infection date. One or more of them could be infected with malware.
• Back up your photos, videos, and other local files to a computer. Use your iPhone’s charging cable to transfer everything over — don’t risk reconnecting your phone to the internet for wireless transfer or cloud sync. The bad news is that iPhones normally restrict a computer’s direct file access to photos and videos.
• Using another device, change the passwords to all of the accounts connected to your phone. Most likely, this will include your email, iCloud, social media, online banking, and online shopping.
• Consider removing cards from Apple Wallet and putting a freeze on their numbers until you see if any suspicious transactions are pending.

7 ways to keep your iPhone safe from viruses and hackers in the future

Once you’re 100% sure that traces of an attack are gone, then it’s time to put some good security practices into place to stop it from happening again.

Change your passwords and turn on 2FA

The first thing to do is make it a habit of changing your account passwords. That means iCloud, Gmail, social media, and anything else you can think of. You don’t have to do this weekly or monthly, but even once or twice a year can improve your odds, since logins sometimes end up exposed in server breaches. You’ll want a strong password that’s hard to guess, as well — famous whistleblower Edward Snowden recommends using passphrases, since combinations of words are unlikely to be brute-forced.

Turn on two-factor authentication, and while we’re at it, make sure a backup email address is set so you’re always warned about password changes.

Avoid public Wi-Fi networks — and use a VPN if you must use one

Working from your iPhone at a coffee shop may be convenient, but there’s a non-zero risk that the guy sitting at a corner table is using software to collect data via unencrypted Wi-Fi. He’s probably not, but you’re rolling the dice.

If you must use public Wi-Fi, install a VPN that will reroute your internet traffic through various servers, making it hard or impossible for anyone to snoop on you. There are many VPN services to choose from.

Avoid jailbreaking your iPhone

As we’ve said, the biggest target you can paint on your back involves jailbreaking your iPhone and dismantling the security protections Apple provides. Jailbreaking has its benefits, but if you’re worried about intrusion, this one’s a gimme. Even if you aren’t attacked, you could still potentially brick your phone and void your warranty.

Keep iOS and your apps up to date

Apple and third-party developers are regularly pushing out security updates to close vulnerabilities. If you don’t have automatic updates on, be sure to check Settings > General > Software Update on a weekly basis, and open the App Store to update apps. If you don’t install available patches, it’s like leaving the door open in a high-crime neighborhood.

Put a passcode on your screen to stop anybody from accessing the device

If you lose your phone or put it down and walk away, it might not take long for someone to pick it up and rummage around. Set a six-digit passcode at a minimum, whether or not you plan to use Face ID or Touch ID.

Don’t click any unknown email and text message links

Towards the beginning of the article, we said that tapping on malicious links is one of the ways to get into this kind of trouble. So from now on, don’t tap on any email link or text link from someone you don’t know. Especially if it’s a shortened URL, which can disguise its real address.

If you’re asked to go to a website, manually type it into the browser yourself. If it doesn’t support HTTPS, be extremely wary. Close a browser tab right away if a site gives off any negative vibes at all.

Only install apps from the App Store

Finally, it’s fun to install smartphone apps, but confine your downloading to the App Store. That way, you can rest assured that the app you want to install has gone through rigorous checks.

Read more: How to check for and remove malware from a Mac

FAQs