Aggravating iPhone Browser hijacker

Albedo · Mar 1, 2015

Help me out. I'm at my wit's end with this one. Whatever my phone has got, it's got it good.

What I've got is similar to the PC JavaScript injection attack that intermittently hijacks legitimate ads on Absolute Write. This one (using safari, most recent iOS update) hijacks your AW page and either takes you to some ad page, or alternately (and even more annoyingly) closes Safari altogether and takes you to the App Store page for some horrid pay to play game.

I've tried deleting all cookies and website data, closing down Safari and everything else and restarting my phone. It's still hijacking AW, making me unable to browse the site at all unless I disable JavaScript, which is annoying because so many mobile webpages use it for functionality.

Has anyone else had this problem? What is it? It's got to be more than just a dodgy cookie. How do you even run a malware scan on an iPhone? Is there a way to stop Safari from being able to access the App Store without your permission?

Help me, it's driving me crazy! And I'm worried I shouldn't be doing things like banking on my phone now, in case it's compromised.

Thewitt · Mar 2, 2015

Is your phone jailbroken? Are you running iOS 8? Have you installed software outside of the App Store - via an enterprise developers account or via an installed certificate?

There are no malware attacks on non-jailbroken iPhones - with only two exceptions that I'm aware of if you have not installed software outside o the App Store.

If some else download Wirelurker through a third party app store, and then they synced their iOS device with your computer, it's possible you infected your phone.

XAgent will run invisibly on iOS 7, but it's visible on iOS 8 and can simply be deleted like any other app.

As for what's causing your javascript strangeness, I'm afraid it's likely just poorly written javascript.

There are no virus scanning apps for iOS for non-jailbroken devices.

Albedo · Mar 2, 2015

Thewitt said:
Is your phone jailbroken? Are you running iOS 8? Have you installed software outside of the App Store - via an enterprise developers account or via an installed certificate?

There are no malware attacks on non-jailbroken iPhones - with only two exceptions that I'm aware of if you have not installed software outside o the App Store.

If some else download Wirelurker through a third party app store, and then they synced their iOS device with your computer, it's possible you infected your phone.

XAgent will run invisibly on iOS 7, but it's visible on iOS 8 and can simply be deleted like any other app.

As for what's causing your javascript strangeness, I'm afraid it's likely just poorly written javascript.

There are no virus scanning apps for iOS for non-jailbroken devices.

It's not jailbroken. And no-one else has synced on my PC. My PC does intermittently get the JavaCraps, despite multiple malware scans. Could something potentially cross infect my phone from a PC?

Thewitt · Mar 2, 2015

Albedo said:
It's not jailbroken. And no-one else has synced on my PC. My PC does intermittently get the JavaCraps, despite multiple malware scans. Could something potentially cross infect my phone from a PC?

Though anything is theoretically possible, the nature of iOS and it's sandboxing of apps makes cross infection very difficult if not impossible, so it's likely not that.

Astormooke · Mar 9, 2015

Hope I can help!

I did a little research and have a few more things for you to try after this question, is it only AW? Or does it redirect you on other sites as well? With that said try the following:

After deleting your cookies again, reset the Iphone by holding the power and home keys.

Did that work? If not continue...

Since it is an Iphone try getting on your 3g/4g and see if it redirects while you use that network.

If it doesn't redirect then it is more then likely your router which you can read about here

If it does then you may need to disable scripts in your phones settings, rendering your browser text only. Meaning videos music and other script related things wont run.

The thread I read is here, in that thread is a link to another thread I didn't read. So maybe check out that other thread as well.

If none of this helps I will be subscribing to this thread and check up as much as possible continuing the search for answers. Have a great day!

Astormooke · Mar 14, 2015

Is this issue resolved?

Emily Winslow · Mar 19, 2015

FYI, as of today, out of the blue, this is happening to me too: random redirects from AW to ad sites and the app store, without me touching anything. This is only happening to me from Absolute Write. I'm using Safari on an iPad mini. No recent updates; not jailbroken.

Aggravating iPhone Browser hijacker

Albedo

Alex

Thewitt

Albedo

Alex

Thewitt

Astormooke

Astormooke

Emily Winslow

Do Not Walk on the Grass