Worried about spyware on your iPhone? iShutdown can reveal if you’ve been infected

(Image credit: Shutterstock)

When you choose an iPhone over one of the best Android phones, chances are you’re doing so for iMessage, FaceTime and all of Apple’s other apps and features. However, security and privacy are another one of the main reasons many people pick up an iPhone over an Android smartphone.

As the best iPhones and the best MacBooks have become more popular in recent years, they’ve also become a much bigger target for hackers. While you won’t find nearly as much malware on iPhones as on Android devices, there is one big threat you need to look out for: spyware.

From Pegasus to Predator, there are a number of different types of spyware that have been designed to target iPhones. Since Apple’s smartphones are used by everyone from celebrities to politicians, there’s all sorts of valuable financial and personal data that can be stolen by hackers and other cybercriminals.

Although Apple has added new features like Lockdown Mode to better secure its devices, determining whether or not an iPhone had been infected with spyware was quite difficult. Fortunately, security researchers at Kaspersky have developed a new way to determine whether or not spyware is currently present on an iPhone.

Finding traces of spyware with iShutdown

As reported by BleepingComputer, security researchers have now learned that traces of high-profile spyware like Pegasus, Reign and Predator on a compromised iPhone can be discovered by checking the device’s Shutdown.log file. This file logs and stores data every time an iPhone is rebooted.

Checking an iPhone’s Shutdown.log file can be tedious though, which is why Kaspersky has released several Python scripts to help automate the process of analyzing it. At the same time, when compared to other techniques like examining an encrypted iOS backup or network traffic, looking at the Shutdown.log file is much easier.

To this end, Kaspersky has published three Python scripts that the company is calling iShutdown on GitHub. There are also instructions on how to use these scripts along with example outputs.

While this method certainly won’t be for everyone, if you have experience with Python, iOS, terminal output and malware indicators, you might be able to use iShutdown to diagnose your iPhone for any signs of spyware or malware. However, this method will fail if the compromised iPhone in question isn’t rebooted on the day it becomes infected. 

Still, this is quite the breakthrough and should make it easier for security researchers to determine when high-profile targets have had spyware installed on their iPhones.

How to keep your iPhone safe from spyware and malware

A padlock resting next to the Apple logo on the lid of a gold-colored Apple laptop.

(Image credit: robert coolen/Shutterstock)

Even though you may not have the skills nor experience necessary to run these iShutdown scripts on your own, there are still plenty of steps you can take to help keep your iPhone safe from hackers.

For starters, you want to download and install the latest updates from Apple as soon as they become available. The iPhone maker often patches zero-day vulnerabilities and other bugs when it releases an update. By waiting to install these updates though, you’re putting your iPhone and yourself at risk since hackers love to target users that have yet to update their devices.

While there isn’t an iOS equivalent of the best Android antivirus apps due to Apple’s own restrictions, one of the best Mac antivirus software solutions is able to keep both your iPhone and iPad safe from malware. With Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 you can scan an iPhone or iPad for malware by connecting it to your Mac using a USB cable.

Besides installing updates and scanning for malware, you also want to avoid opening messages and downloading attachments from unknown senders both in your email and on messaging apps. Infecting an iPhone with malware or spyware is difficult but hackers are quite resourceful and as soon as a bug is fixed, they’re looking for a new one to exploit in their attacks.

We’ll have to wait and see if Kaspersky decides to develop its iShutdown scripts further but for the moment, they are free to download and use to find traces of spyware on a compromised iPhone, granted you have the necessary skills to do so.

More from Tom's Guide

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.