Worried about spyware on your iPhone? iShutdown can reveal if you’ve been infected


When you choose an iPhone over one of the best Android phones, chances are you’re doing so for iMessage, FaceTime and all of Apple’s other apps and features. However, security and privacy are also among the main reasons many people pick up an iPhone over an Android smartphone.

As the best iPhones and the best MacBooks have become more popular in recent years, they’ve also become a much bigger target for hackers. While you won’t find nearly as much malware on iPhones as on Android devices, there is one big threat you need to look out for: spyware.

From Pegasus to Predator, there are a number of different types of spyware that have been designed to target iPhones. Since Apple’s smartphones are used by everyone from celebrities to politicians, there’s all sorts of valuable financial and personal data that can be stolen by hackers and other cybercriminals.

Although Apple has added new features like Lockdown Mode to better secure its devices, determining whether or not an iPhone has been infected with spyware has been quite difficult. Fortunately, security researchers at Kaspersky have developed a new way to determine whether or not spyware is currently present on an iPhone.

Finding traces of spyware with iShutdown

As reported by BleepingComputer, security researchers have now learned that traces of high-profile spyware like Pegasus, Reign and Predator on a compromised iPhone can be discovered by checking the device’s Shutdown.log file. This file logs and stores data every time an iPhone is rebooted.

Checking an iPhone’s Shutdown.log file can be tedious though, which is why Kaspersky has released several Python scripts to help automate the process of analyzing it. At the same time, when compared to other techniques like examining an encrypted iOS backup or network traffic, looking at the Shutdown.log file is much easier.

To this end, Kaspersky has published three Python scripts that the company is calling iShutdown on GitHub. There are also instructions on how to use these scripts along with example outputs.

While this method certainly won’t be for everyone, if you have experience with Python, iOS, terminal output and malware indicators, you might be able to use iShutdown to diagnose your iPhone for any signs of spyware or malware. However, this method will fail if the compromised iPhone in question isn’t rebooted on the day it becomes infected. 

Still, this is quite the breakthrough and should make it easier for security researchers to determine when high-profile targets have had spyware installed on their iPhones.

How to keep your iPhone safe from spyware and malware


Even though you may not have the skills or experience necessary to run these iShutdown scripts on your own, there are still plenty of steps you can take to help keep your iPhone safe from hackers.

For starters, you want to download and install the latest updates from Apple as soon as they become available. The iPhone maker often patches zero-day vulnerabilities and other bugs when it releases an update. By waiting to install these updates though, you’re putting your iPhone and yourself at risk since hackers love to target users that have yet to update their devices.

While there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own restrictions, one of the best Mac antivirus software solutions is able to keep both your iPhone and iPad safe from malware. With Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 you can scan an iPhone or iPad for malware by connecting it to your Mac using a USB cable.

Besides installing updates and scanning for malware, you also want to avoid opening messages and downloading attachments from unknown senders, both in your email and on messaging apps. Infecting an iPhone with malware or spyware is difficult, but hackers are quite resourceful, and as soon as a bug is fixed, they’re looking for a new one to exploit in their attacks.

We’ll have to wait and see if Kaspersky decides to develop its iShutdown scripts further, but for the moment, they are free to download and use to find traces of spyware on a compromised iPhone, provided you have the necessary skills to do so.

Anthony Spadafora
Managing Editor Security and Home Office
