How to Check iOS and Mac OS For Spyware

Joined
Dec 5, 2008
Messages
803
Reaction score
81
Points
28
Location
Detroit
Your Mac's Specs
2025 MacBook Air 15" 24 GB Ram, 1TB SSD - 2007 MBP2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP 10.6.8
I know the answer to this is here somewhere, but I can't find it. Searching this forum shows results not related to security.
Searching general online places only brings up apps to purchase, which I've learned here is not wise.

The Problem:
I used a virtual pre-loaded gift card at the AT&T site to pay an invoice using iOS 18 on an iPad. The transaction went through fine. Almost instantly I received e-mail after e-mail telling me that the transaction failed due to insufficient balance. This has been going on for days. The bad guy was finally successful in using the balance.

The issuer of the Visa Gift Card can not be contacted. They have no phone number nor e-mail address unless you are a vendor of those cards and have an account. AT&T said the leak was not on their system and has to be my device. Contacting the place where the successful transaction was made (Something called Etsy) resulted in "Not our fault". "No refund". The failed attempts were mostly Walmart and Amazon. Neither will block the card number.

The browser, Brave, has no extensions, so that possibility is out.

Is there a way, without buying a questionable app, to check the iOS device for sneaky stuff that steals information? Also, is there a way to do this with Mac OS? To perhaps better phrase: Is there a way to make sure the problem is somewhere other than our Apple devices?

And, do you have any suggestions for where the bad guy broke in to steal the information?

Thanks For Helping me figure out what I should be able to figure out on my own. Again, I apologize if the information is here somewhere & I missed it.
Paul
 
Joined
Jan 1, 2009
Messages
16,378
Reaction score
4,731
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 16 Pro, plus ATVs, AWatch, MacMinis (multiple)
Where did you get this virtual pre-loaded gift card? What do you mean by "The bad guy was finally successful in using the balance?" Did it work for you? Usually gift cards, once redeemed, are then unable to be reused unless the card has a balance left on it. Is that the case here? Etsy is usually reliable, my wife has been using them both as a seller and a buyer for years.

Frankly, if the gift card has a balance on it, spend it before this "bad guy" does.

Did you get what you bought with it? Are you sure you were actually at the correct site for that, or could it be you were on some other site mimicking it?

As for scanning, a quick search revealed this relatively current article:
I did a quick scan of it but did not read it fully. The probability of you having a virus is really very low, unless your iPhone is jail-broken or you live in the EU.
EDIT: I just read the article I linked and it listed some third-party apps (paid, of course) that they say might work. Don't bother, they are all total rubbish.
 
Joined
Dec 30, 2022
Messages
933
Reaction score
536
Points
93
Location
Somerset, England
Your Mac's Specs
Mac Mini M1 (8gb Memory / 500 gb Hard drive) Running Sequoia 15.X.X
The probability of you having a virus is really very low, unless your iPhone is jail-broken or you live in the EU.
Not sure what you are implying, please can you expand.
 
Joined
Jan 1, 2009
Messages
16,378
Reaction score
4,731
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 16 Pro, plus ATVs, AWatch, MacMinis (multiple)
Not sure what you are implying, please can you expand.
I'm not implying anything. It was just a comment. The basic, unchanged iOS and iPadOS are pretty tightly engineered to stay only in the Apple sphere of operations. However, there are processes to break down that tight security to allow users to install things not vetted by Apple through the App Store. That process is known as "jail breaking" because the users of those processes see the Apple sphere as a "jail" that prevents them from doing just that, install non-Apple vetted software. And in the EU, Apple has been forced to open a back door for installation of software from non-Apple store locations, essentially weakening the overall security of Apple's "walled garden" of operations. So, if you have a jail-broken phone, or one configured for the EU, then you have lower security than if you have, say, an iPhone for the US, or anywhere else. And thus, the risk of a virus getting into the iDevice is higher if it's jail-broken or EU-configured. Apple did try to warn the EU about the risks, but the EU decided that access to non-Apple stores and direct to developers was more important than the added security.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
803
Reaction score
81
Points
28
Location
Detroit
Your Mac's Specs
2025 MacBook Air 15" 24 GB Ram, 1TB SSD - 2007 MBP2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP 10.6.8
"Where did you get this virtual pre-loaded gift card?"
From Grainger. It was a promotional gift for some of their long term customers.

"What do you mean by "The bad guy was finally successful in using the balance?""
The bad guy tried many stores and many transactions. All were above the remaining balance. All got rejected except the Etsy one.

"Did it work for you? Usually gift cards, once redeemed, are then unable to be reused unless the card has a balance left on it. Is that the case here?"
This card one can use part of the balance for many transactions over many weeks.

"Etsy is usually reliable, my wife has been using them both as a seller and a buyer for years."
Etsy could have (should have?) seen that the e-mail address and physical address for shipping did not match the one on the card. But, what do I know?
And, my largest problem is that I can not contact Etsy to have the charge reversed without signing up and being a member. There is no phone number. Any attempt to follow online contact instructions tells me to sign up. But that's not the purpose of this forum. It's just a complaint.

"EDIT: I just read the article I linked and it listed some third-party apps (paid, of course) that they say might work. Don't bother, they are all total rubbish."
Thanks for the heads up about the apps!

Basically, what I am trying to find out is how the bad guy got the information.
From reading above, it sounds very unlikely that they are "inside" the Apple device.

Therefore, is it correct that the leak either was while the data was transmitting between the browser and AT&T or at AT&T. (The browser showed HTTPS for the AT&T web site and goes through Brave's VPN.)
Did I understand where the leak was correctly?

Thanks For Helping,
Paul
 
Joined
Feb 1, 2011
Messages
4,902
Reaction score
2,902
Points
113
Location
Sacramento, California
Not sure what you are implying, please can you expand.

At least here in the U.S. (and most other countries), the only source for software for the iPhone is the Apple App Store. Apple vets all software for malware prior to allowing it to be included in the App Store. So, since the only source for software for your iPhone is the App Store, and since there is no malicious software on the App Store, there is no vector for malicious software to get on your iPhone. (If you live in the E.U., and you never download software from anywhere other than the App Store, you are similarly protected.)

That means 1) that the iPhone is a safe computing platform, and 2) that any anti-virus/anti-malware software for the iPhone is a scam.

Yes....if you do a deep Google search you can find rare instances where malware went undiscovered by Apple in the vetting process. But such software is very soon discovered and deactivated by Apple. In short, there is no reason to be paranoid about the security of the iPhone.
 
Joined
Feb 1, 2011
Messages
4,902
Reaction score
2,902
Points
113
Location
Sacramento, California
To further elucidate, not only are anti-virus programs for the iPhone a scam, but...it's impossible to create an actual anti-virus scanner program for the iPhone. All apps on the iPhone are "sandboxed." This means that they aren't allowed to interact with other apps. This is a security feature of the iPhone, and it means that a potential anti-virus program would be entirely unable to scan other apps for viruses. So...genuine anti-virus programs for the iPhone cannot and do not exist. Any anti-virus program for the iPhone you see offered, is therefore a scam.
 
Joined
Dec 30, 2022
Messages
933
Reaction score
536
Points
93
Location
Somerset, England
Your Mac's Specs
Mac Mini M1 (8gb Memory / 500 gb Hard drive) Running Sequoia 15.X.X
@MacInWin and @Randy B. Singer thank you for your explanations, though I am in the UK (which is not part of the EU), I suspect our products are to EU standards (or non-standards), but I only get my iPhone and iPad software via the Store.
 
Joined
Feb 1, 2011
Messages
4,902
Reaction score
2,902
Points
113
Location
Sacramento, California
... Also, is there a way to do this with Mac OS? ...

We've covered this many times here on Mac-Forums. Use the search field above every page on Mac-Forums and just put in the term "virus". You might find this thread especially helpful:


The bottom line is that the Macintosh has had several levels of anti-malware software built in for many years now, and for the last few years the Mac OS has had interactive anti-malware software built-in that is the equivalent of the best commercial anti-virus software. So you really don't need any third party products.

"XProtect Remediator This was introduced in macOS 12.3 on 14 March 2022..."
https://eclecticlight.co/2022/08/07/last-week-on-my-mac-is-your-mac-still-secure-from-malware/

A “Rapid Security Response” feature was added for macOS 13 (Ventura) and later:
https://tidbits.com/2023/05/02/what-are-rapid-security-responses-and-why-are-they-important/

BUT, if you want such a product anyway, there are a couple of quite good FREE third party products that are worth having. That being VirusBarrier Scanner, and DetectX Swift.

DetectX Swift (free)
https://sqwarq.com/detectx/

VirusBarrier Scanner (free)
https://apps.apple.com/us/app/intego-virusbarrier-scanner/id1200445649?mt=12

Have a look at:

 

IWT


Joined
Jan 23, 2009
Messages
10,700
Reaction score
2,599
Points
113
Location
Born Scotland. Worked all over UK. Live in Wales
Your Mac's Specs
M2 Max Studio Extra, 32GB memory, 4TB, Sequoia 15.4.1 Apple 5K Retina Studio Monitor
@MacInWin and @Randy B. Singer thank you for your explanations, though I am in the UK (which is not part of the EU), I suspect our products are to EU standards (or non-standards), but I only get my iPhone and iPad software via the Store.

To Jake who correctly commented on the EU regulations for Apple iPhones and for Jim B who added detail, here is a quote from Apple via the Apple Support Group:

"And to clarify, the UK is no longer part of the EU. You will not be able to pop over to Europe to download these apps. You will need an EU Apple ID with EU ..."

In other words, the iPhones delivered to the UK are "protected" from apps outside of the App Store.

Ian
 
Joined
Jan 1, 2009
Messages
16,378
Reaction score
4,731
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 16 Pro, plus ATVs, AWatch, MacMinis (multiple)
Etsy could have (should have?) seen that the e-mail address and physical address for shipping did not match the one on the card. But, what do I know?
Etsy is a market place. They get lots of orders from one location to be shipped to another. They sell items that people buy as gifts for others. It is not surprising or unusual that the buyer and recipient are not the same individuals or at the same address.
And, my largest problem is that I can not contact Etsy to have the charge reversed without signing up and being a member. There is no phone number. Any attempt to follow online contact instructions tells me to sign up.
Signing up for Etsy is relatively risk-free. They just want to know who you are before allowing you into the inner system. But if you aren't comfortable with that, you don't have to. But then don't expect them to assist much. From their point of view a proper payment method was provided for the articles purchased. The fact that it wasn't YOU isn't really their problem. Normally, if you had been swindled by credit card abuse, the card issuer is the one who should have taken additional security measures to protect you, but gift cards are not generally as protected, particularly "free" ones. Bear in mind that Etsy doesn't actually sell any products itself. It is a market place where online vendors can display their wares for buyers and that can provide financial transaction processing for both buyer and seller. As I said, they don't actually sell anything themselves. The only individual who could reverse the charge would be the vendor who used Etsy as a marketplace, and as I said, there are a lot of gifts sold through Etsy and shipped to the recipients.

It is also possible that Grainger was the target of an attack that revealed the gift card information to the bad guys. If the intrusion didn't expose customer data, Grainger may not have made it public.

Or, the bad guy could have guessed and hit the jackpot somehow. Sooner or later that happens.

Were you notified of the various failures the bad guy encountered? If so, what you should have done is to immediately contact Grainger to tell them to block the gift card, or contact the financial institution behind the gift card if you knew it. Then ask Grainger to replace it with a new one with the balance on it.

At this point I don't think there is much you can do, to be honest.
 
Joined
Dec 30, 2022
Messages
933
Reaction score
536
Points
93
Location
Somerset, England
Your Mac's Specs
Mac Mini M1 (8gb Memory / 500 gb Hard drive) Running Sequoia 15.X.X
To Jake who correctly commented on the EU regulations for Apple iPhones and for Jim B who added detail, here is a quote from Apple via the Apple Support Group:

"And to clarify, the UK is no longer part of the EU. You will not be able to pop over to Europe to download these apps. You will need an EU Apple ID with EU ..."

In other words, the iPhones delivered to the UK are "protected" from apps outside of the App Store.

Ian
Many thanks Ian, had not seen this.
 

Raz0rEdge

Well-known member
Staff member
Moderator
Joined
Jul 17, 2009
Messages
16,032
Reaction score
2,437
Points
113
Location
MA
Your Mac's Specs
2022 Mac Studio M1 Max, 2023 M2 MBA
I think all this spyware/malware discussion detracted from looking at the core issue.

Where did you enter this pre-paid card information?
 
Joined
Jan 1, 2009
Messages
16,378
Reaction score
4,731
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 16 Pro, plus ATVs, AWatch, MacMinis (multiple)
I think all this spyware/malware discussion detracted from looking at the core issue.

Where did you enter this pre-paid card information?
He said this in the first post. From that, I take it he spent part of the balance at AT&T. After that, he has not mentioned using the card anywhere, just that somebody else did.
I used a virtual pre-loaded gift card at the AT&T site to pay an invoice using iOS 18 on an iPad. The transaction went through fine.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
803
Reaction score
81
Points
28
Location
Detroit
Your Mac's Specs
2025 MacBook Air 15" 24 GB Ram, 1TB SSD - 2007 MBP2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP 10.6.8
Were you notified of the various failures the bad guy encountered?
Yes, I was notified. I still get 5 or 10 notifications per day of failed transactions because the purchase price is over the card balance.

"If so, what you should have done is to immediately contact Grainger to tell them to block the gift card, or contact the financial institution behind the gift card if you knew it. Then ask Grainger to replace it with a new one with the balance on it."

I absolutely, positively did contact the card issuer "Tremendous Com" immediately when the first failure happened. They said basically "Not our problem". Unlike a credit card, they don't have to get involved. (Grainger doesn't have anything to do with the card. They simply paid Tremendous to distribute cards to clients.)

What is interesting is that I have used this card in the past with no problems.

And more interesting was that the first failure notice from someone trying to use the card was within, I'd say, 2 minutes of a successful transaction on my part at AT&T. That is why I asked about Mac spyware or a browser leak.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
803
Reaction score
81
Points
28
Location
Detroit
Your Mac's Specs
2025 MacBook Air 15" 24 GB Ram, 1TB SSD - 2007 MBP2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP 10.6.8
I think all this spyware/malware discussion detracted from looking at the core issue.

Where did you enter this pre-paid card information?
Thanks for asking. I used it at AT&T's web site where I pay the invoice for my phone and for my wife's phone. Same site I've used for years.
Sorry for the confusion. My original post is long and details get lost in that tome.
 
OP
PGB1
Joined
Dec 5, 2008
Messages
803
Reaction score
81
Points
28
Location
Detroit
Your Mac's Specs
2025 MacBook Air 15" 24 GB Ram, 1TB SSD - 2007 MBP2.2 Ghz 4 GB RAM SSD OSX 10.11 & 2006 MBP 10.6.8
BUT, if you want such a product anyway, there are a couple of quite good FREE third party products that are worth having. That being VirusBarrier Scanner, and DetectX Swift.

DetectX Swift (free)
DetectX

VirusBarrier Scanner (free)
‎Intego VirusBarrier Scanner

Have a look at:

I'm kind of confused about DetectX Swift and Virus Barrier.
In the linked article, and in many others I've read, iOS and Mac OS isolate applications in what they call a "sandbox".

If a sandbox exists around an application, how do DetectX Swift and Virus Barrier check for malware or key loggers?

The only reason that this came to my mind was because once Malware Bytes was malfunctioning. Their technical support person told me it was useless for Mac OS X because of the sandbox. (So much for truth in advertising!)

Just Curious About The Workings Of It All,
Paul
 
Joined
Jan 1, 2009
Messages
16,378
Reaction score
4,731
Points
113
Location
Winchester, VA
Your Mac's Specs
MBP 16" 2023 (M3 Pro), iPhone 16 Pro, plus ATVs, AWatch, MacMinis (multiple)
macOS also sandboxes applications, by default, but as Randy indicated, it does allow the user to grant full disk access, opening the sandbox to let the app work outside. That is a broad privilege not to be granted without consideration of what that means. Some apps cannot function without that access, but I tend to be "cautious" about granting it.
 
