iPhones, iPods, & iPads forum

General discussion

iPad browser got hijacked, now what do I do?!

by Lee Koo (ADMIN) CNET staff/forum admin / October 30, 2015 5:13 PM PDT
http://cnet4.cbsistatic.com/hub/i/2015/10/31/397dc175-b184-497c-82f0-899425d50370/ipadscreen.jpg

iPad browser got hijacked, now what do I do?!

I hope someone can help me as my Safari browser on my iPad has been disabled and I'm unable to use it. I guess I was naïve to think that iPads weren't susceptible to malware. Here are the steps of what I recall happening before my browser was taken over and rendered useless with this screen telling me to call support to remove the spyware/adware (see attached).

I was googling some information for a dog kennel and landed on a random website (unfortunately I do not remember the site's name.) I clicked a link on the page and all of sudden this message popped up on my screen. I wasn't sure what happened, but when I read the message I thought it was support from Apple telling me to call the support number because my iPad had spyware on it. Out of panic, I called the number on the screen and a woman with a heavy foreign accent answered and asked me for my email address. That's when my gut told me something wasn't right here, so I hung up and I never called back. Now every time I try accessing Safari on my iPad, this screen comes up and I'm stuck and I'm clueless as to what to do. Can someone please help me with this and tell me what to do to get me out of this? I can access the rest of my iPad's features, it's just my browser that is stuck. I really hope this isn't something permanent. And if I can get out of this jam, is there a way I can prevent something like this from happening to me in the future? Do I need to add an antivirus or antimalware app to my iPad now? I'm grateful for any advice!

--Submitted by: Doris K.
Post a reply
Discussion is locked
You are posting a reply to: iPad browser got hijacked, now what do I do?!
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: iPad browser got hijacked, now what do I do?!
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Remove popup blocking browser on iOS products
by dslyohio44439 / October 30, 2015 5:48 PM PDT

If you are using the safari browser on an iPad or any other iOS product and you notice the browser has been high jacked, most of the time this can be resolved by clearing the history and website data from the browser.

To do this, open the "Settings" app and scroll down to "Safari". Most of the time it's about 2/3 of the way down the list of options. Tap on Safari and near the bottom of those options you will see the option to clear history and website data. Tap that and follow the instructions it gives and this should resolve the issue.

Collapse -
Removing USER-SAFARI.NET from iPad
by dtalknow / October 4, 2016 9:56 AM PDT

The advise referring to SETTINGS and CLEAR HISTORY AND WEBSITE DATA worked like a charm for me. Thanks so much

Collapse -
That looks like a homepage hijack and no virus.
by R. Proffitt Forum moderator / October 30, 2015 5:52 PM PDT

1.
"SC says: October 20, 2015 at 12:09 pm fixiostoday.com Potential Thread Detected! warning. YOUR iOS Device (iPhone or iPad) May Have ADWARE / SPYWARE VIRUS. Call iOS Tech Support +1-844-654-5186.” Cleared history and removed cookies and data. Message disappeared the next time I opened Safari.

Read more at: http://ipadhelp.com/tutorial/iphone-ipad-remove-adwarevirus/ "

2.
Apple writes more:
"Clear information from your device

To clear your history and cookies from Safari in iOS 8 or later, tap Settings > Safari > Clear History and Website Data. In iOS 7 or earlier, tap Clear History and tap Clear Cookies and Data.
To clear other stored information from Safari, tap Settings > Safari > Advanced > Website Data > Remove All Website Data.
Clearing your history, cookies, and browsing data from Safari won't change your AutoFill information. "
More at https://support.apple.com/en-us/HT201265

Be sure to change your homepage while in those settings.

3.
Finally, you can add this malicious web site in your own block list as written up at http://www.igeeksblog.com/how-to-block-websites-on-safari-for-iphone-and-ipad-in-ios-7/

4. The future. Let's hope Firefox for iOS launches soon.

5. Now. Chrome at:
https://itunes.apple.com/us/app/chrome-web-browser-by-google/id535886823?mt=8
Now try to add in Web Of Trust. I'm away from my iThings so you can try this.

Collapse -
What the heck are you doing?
by McLederer / November 10, 2015 8:32 AM PST

What kind of an idiot publishes a clickable malware web site's URL?

Collapse -
Bob Didn't Do That
by Hforman / March 19, 2016 9:59 AM PDT

I think you must have misread something. None of the sites are "malware" but explain how to stop such malware. I would have just suggested getting rid of the dog and to buy a cat, in the first place Happy

Collapse -
I noticed my Chrome...
by JCitizen / March 19, 2016 10:42 AM PDT
In reply to: Bob Didn't Do That

browser started flickering and juddering while trying to just look at the links he had, to figure out what he was talking about. I closed my Chrome browser and ran CCleaner to insure something didn't jump out of an advertisement here on CNET and try to compromise the Chrome browser and Windows x64 operating system. I wouldn't doubt if dodgy things drive by us users here on CNET occasionally - web sites of all kinds get compromised by SQL injections and other exploitation, ad I imagine CNET is not the exception. I've been attacked at least once on many completely legitimate web sites, so I am convinced they all have problems at one time or another. The criminals just get sneakier everyday - and web sites like CNET keep insisting on running hundreds of scripts, making using AdBlock Plus or NoScipt completely impractical - so this problem will continue on ad nauseam, I'm sure.

Collapse -
I Apologize
by Hforman / March 19, 2016 4:26 PM PDT
In reply to: I noticed my Chrome...

I wasn't looking at it that way. I assumed that he read Bob's post incorrectly. My bad. Definitely! But now that you brought the subject up... I am running Firefox (latest version) with Ghostery as well as Ad Block Plus. Yes, we can start a whole n'other discussion on why the World Wide Web runs on advertising but we did that on one of blog discussions not too long ago. Right now, while I am replying, Ghostery is telling me that there are (only) 21 trackers linked to this CNET page. If you try to turn on BLOCKING in Ghostery or Turn off Ad Block, this page, especially the buggy LiveFyre software, doesn't function properly. Then you get white space on either side of the page that forces you to another site if your mouse pointer slips off the scroll bar. (sometimes, the area is grey or black, depending on the site). I don't know whether I should blame LiveFyre or the software used to generate the page. But the thing with advertising is that CNET does NOT have control over what the ads are. They are generated by the ad companies (Google, in particular) and they just pick up an ad and shove it at you without any concern as to who created the ad or if it has a malicious payload. I've seen a lot worse that what most have seen, including having a pop-up webpage to a porn site. So, yes, it is possible for the poster to have clicked on the link and had been taken to a malware link. I think the new name for all this is "malvertising" and it supposedly is increasing. So people blame the website where they find the link, but those sites are just running advertising which could contain just about anything because the site gets paid for the ad but has no control over the content or embedded scripts. You try to protect yourself and the initial page stops working because nobody codes web pages to handle blockers or bad returns from advertising software.
So, I do apologize. I didn't realize alternatives to the meaning of the post and that makes me guilty of what I mentioned. Sad

Collapse -
I agree the links probably were not bad sites..
by JCitizen / March 19, 2016 6:47 PM PDT
In reply to: I Apologize

only thing is all of them are turning bad now it seems. I'm glad I'm not the only one that absolutely HATES Livefyre - or are at least I sure do!! Nine times out of ten I can't even post over on TechRepublic with any browser I've tried. Part of the problem is I'm using Vista, but that is no excuse for greedy old CBS to ruin one of my all time favorite sites! I don't feel so alone in my pain now. Thanks Hforman for posting that - I see no reason for an apology at all!! Shocked

Collapse -
Safari issues
by ctadams10462 / October 30, 2015 6:39 PM PDT

Take the iPad off the internet, go to settings, Safari and delete or reset everything you can get your hands on. If that don't work hopefully your not one of the millions who don't backup there apple devices and do a complete system reset then use backup to restore.

Collapse -
Relax
by gmm421 / October 31, 2015 7:35 AM PDT

You did the right thing by not getting sucked in to their fraudulent behavior. But, in the big picture, its an annoyance, not a catastrophe. Simply use iTunes to back up and restore your device. https://support.apple.com/en-us/HT201252 . Then, block the site as described in other posts. I doubt that switching browsers will make a difference in the long run. Its more important to know how to respond to these problems because they will never go away permanently no matter what browser you use. You don't need an antivirus or malware program. There will always be potholes on the information highway.

Frankie say, relax. Spend less time worrying and more with your playing with you dog!

Post was last edited on November 6, 2015 5:37 PM PST

Collapse -
Might just be the page itself
by billygard / October 31, 2015 12:44 PM PDT

If you're just opening the browser by directly clicking its icon, it will likely go right to the page it was last on, in this case the one shown in your picture. If this is the case, try clicking the "overlapping squares" icon that shows all open pages and close them, especially the one showing this website.

You didn't specify it it goes to this strange page even when you open the browser indirectly by clicking a link inside an email message or other app. See if that works.

Collapse -
That happened to me too
by volvogirl / October 31, 2015 11:32 PM PDT

I got an ioserror page with a warning to call and pay to unlock it or something. Couldn't go anywhere else on the internet. Finally used one of the shortcuts I had on my home screen to get back into Safari and that worked to bypass that page. And I cleared out the history and cookies, etc. I tried not to panic since Apples aren't suppose to get viruses.

Collapse -
Not True
by Hforman / November 1, 2015 10:21 AM PST

Throughout the history of Apple, they have had viruses, worms, trojans, adware, ransomware (what this is) and other bits of malware the same as anything else. Maybe less so for various reasons. The only viruses they used to be immune to were PC platform viruses (Intel/IBM) because the Motorola processor was never compatible with Intel and/or AMD. You can actually look this up on the Internet on most sites that cover MAC viruses. Recently, there have been issues with IOS. For example, Apple just pulled a bunch of apps off the App Store because they used a Chinese API.
The OP and the problem is another example. Hopefully, the OP did not give the person with the accent too much information. Some of these want you to do things with your device to install malware or to simply pay a fee.

Collapse -
You seem to be an alarmist.
by R. Proffitt Forum moderator / November 2, 2015 8:44 AM PST
In reply to: Not True

The screen above is a rather simple problem and not a virus, trojan or much of anything.

While it is true there have been viruses and more, why are you escalating what is a simple thing to solve? Help them solve it.

Post was last edited on November 2, 2015 8:45 AM PST

Collapse -
Security Professional
by Hforman / November 2, 2015 1:30 PM PST

Yes, I may be an alarmist but you may notice that I wasn't replying to the OP. I was being cranky. Sorry, Bob. A lot of these "simple problems" turn out to be extortion and/or a means to obtain personally identifiable information. I'm glad the OP detected something wrong.

Collapse -
Here's the fun part
by hypnotoad72 / November 6, 2015 6:41 PM PST

Apple's marketing goes out of its way to say "Windows viruses", at least for when they advertise for Windows users. What Apple rarely talks about are Mac malware, which exist in many forms, but viruses and the nastier ones are harder to get and spread.

Even to this day, Macs' firewalls are disabled by default and any firewall that lets any ad-driven payload through is pointless, and most firewalls can be configured to block sites putting out ads... assuming iOS has a firewall, which doesn't seem likely (they still want to sell phones with a whopping 1GB of RAM when people frequently use more than that, especially for open web browser tabs...)

Collapse -
Just a malicious cookie
by Brammy63 / November 6, 2015 6:34 PM PST

This is simply a malicious cookie pop up embedded in a site you visited. Double click the home button, swipe out of Safari. Go to setting> safari and clear website history. You should be golden.

Many websites sell 'advertisements to third parties on their websites unknowingly giving the cookie monsters access.

I also recommend setting in the Safari settings to only accept cookies from sites you visit. This will cut down on the third party advertisers directing additional cookies such as the one you are dealing with.

Unfortunately, because some websites or only concerned about ad revenue, they fail to perform due diligence before allowing an advertiser to embed.

Best of luck!

Collapse -
Question
by hypnotoad72 / November 6, 2015 6:43 PM PST

Why should they do any work outside of what makes them money? They don't owe Doris or anyone else anything, do they?

Collapse -
Of course they owe Doris
by spadeskingtx / November 6, 2015 11:07 PM PST
In reply to: Question

Say what? Of course they owe Doris something. She paid a lot of money for her device. She has a right to expect the makers of the device to make it reasonably easy for a non super techie to safely operate it. If they were giving these out for free then I would agree they owe her nothing. But these devices are not free. When did we fall in to the trap that big business owned us?

Collapse -
What about Doris' download limit?
by sukayser / November 7, 2015 8:05 AM PST

If Doris, like most of us, is paying for every bit she downloads, these frauds are costing her part of her quota. That's another loss for her.

Collapse -
Same thing happened to me,
by emilokee / November 6, 2015 6:50 PM PST

However, my response was a lot worse. I let the people with Russian accents on my computer. I thought they were Apple support. I can't believe I did it, and I am old enough and smart enough to know better. I initially panicked because I thought I was infected with malware and wanted to erase it ASAP. While they were "checking for malware", I called Apple because I was just not comfortable with the idea of these guys on my computer.

Apple support told me to x them out NOW! The scammers called me back and asked me why I terminated the session. I told them it was because I was on the phone with real Apple, and Apple said it was a scam.

The next step was to call my credit card company and stop payment on the credit card charge. ($250) The scammers had already reversed it, so I have to give them credit there.

Apple had to go through my computer with a fine tooth comb to see if they had planted malware. They had done nothing, but the real scam was getting my credit card number. Of course, I reported it compromised. I can't believe I scraped through that with no consequences. Made for some good cocktail party conversation though!

Apple's 3 year protection plan is a bargain at any price when you encounter stuff like this.

Collapse -
In My case it happened on my iPhone 6+s
by alberty29 / November 6, 2015 8:00 PM PST

Wen the Messege apears I put my phone on airplane mode and go to the settings, clear the history and web data. The problem was solve and obviously I don't enter again the site that I enter wrong.

Collapse -
Hijacked
by MarDel53 / November 7, 2015 3:21 AM PST

On my IPad mini I use chrome, web exlorer for my browsers and once in a while photon.
This happened to me while using Chrome. Petrified me at first. It also happened on my Win7 pro desktop computer. I knew it had to be wrong; On my computer I simply did control alt delte and used task manager to shut down the browser (IE) on my desktop. I then used c-cleaner; glary utilites and wisecare 365; Had no problems. I then ran malware bytes; nothing. On my mini, I was able to get back to my apps; deleted the app and reinstalled it. That worked and nothing has happened on either device since; I went into settings on my mini and attempted to get rid of cookies as suggested by others here but I guess deleting the app and reinstalling did that for me. But having that page appear out of nowhere can certainly surprise you if nothing else. I also believe that one should never call a phone number given to you by a website that you never actually logged onto by yourself. That should be the general rule of thumb.

Collapse -
Easy Fix But Not for Some
by dcr-mo / November 7, 2015 5:18 AM PST

My sister-in-law had this happen to her iPad browser. Unfortunately she is not very tech-savvy and called the telephone number. They instructed her to connect her iPad to her Windows computer, go to a website and download a remote-control program, and run it. (I got very worried at this point in her conversation.) Fortunately she got suspicious (finally) at this point and before they were able to do any damage she shut things down. I had a long discussion with her about why NOT to do things like this in the future and hopefully she has a learned a valuable lesson. I did go back and scan her Windows system for malware and newly installed programs. The only thing I found was the remote-control app which I promptly deleted. The iPad was fixed by clearing the browsing history. Unfortunately this kind of thing will probably always be an issue as long as there are nefarious individuals trying to make a dishonest dollar and new users who don't understand all the "rules" of computing.

Collapse -
Javascript is the culprit...
by coachbb94 / November 7, 2015 6:59 AM PST

I encountered this twice and here is what I did to resolve the problem.

I had clicked on a seemingly legitimate Safari link only to have a tab and an overlay window open instead of the tab I was expecting.  The tab that opened displayed "Windows Blue Screen Of Death" (BSOD) text on it.  The overlay window had no toolbar at the top and contained text that said my Windows computer  (I am on a Mac) was infected and that I needed to call an 800 number to get the computer cleaned.  Because the overlay window had no toolbar I could not close it, plus I could no longer access any of the other open tabs.

After some "Google Foo" I found out that Javascript was being used to create this hijack.  When I clicked Safari on the toolbar, the "Quit Safari" option was greyed out but the Preferences option was still available.  I opened Safari's Preferences, clicked Security and unchecked "Enable Javascript".  I then clicked the Apple icon and used the “Force Quit” option to close Safari.  I reopened Safari and only the default tab was displayed.  To reopen the previously opened tabs I clicked "History" on the Safari toolbar and clicked "Reopen All Windows From Last Session".  A new window opened displaying all the previously opened tabs, after which I was able to close the BSOD tab.  From that point on everything worked correctly.

The second time I encountered this hijack when I tried to open Safari's Preferences it was greyed out which prevented me from accessing the Security option that would allow me to disable Javascript.  My only choice was to "Force Quit" Safari.  When I reopened Safari all the the previously opened tabs and the overlay window immediately reopened.  At this point I was stuck, so I did some more "Google Foo" to see if there was a way to use the terminal to disable Javascript.  I found an Engadget article that not only shows how to Disable Javascript from the Terminal but also a way to create a keyboard shortcut that issues the “Disable Javascript” command for use now and later.  I created the keyboard shortcut, used it and when Safari reopened the overlay window was gone and I was able to close the BSOD tab.  When I checked Safari's Preferences, Javascript was still enabled and I have had no further problems.

Having this keyboard shortcut will allow me to use it again if needed and with the way sites are being infected with this malady, I will.

Here is the terminal command to setup the keyboard shortcut.

defaults write com.apple.safari NSUserKeyEquivalents -dict-add "Disable JavaScript" '@J'

Here is the link to an Engadget article that contains the instructions for creating the keyboard shortcut.  The instructions are at the bottom of the article.
http://www.engadget.com/2011/01/04/quickly-enable-or-disable-javascript-in-safari/

Collapse -
the second time?
by walldoo99 / November 7, 2015 5:46 PM PST

Do you look for these infected sites. It took me 20 years to hit 2 of them. You post kind of sounds like you hit them twice recently. I thought Apple products were suppose to be immune to these things.
This is east on windows based PC. I used task manager to close the browser and scanned with malwarebytes. I t found nothing left behind. A friend of mine clicked the scan button on one and it took 2 hours just to log in without the PC rebooting. Then It took about 30 min to clean out all the garbage that was installed.

Collapse -
Oh good grief..
by JCitizen / November 7, 2015 8:35 PM PST
In reply to: the second time?

It is fairly well known that even legitimate sites are invaded with SQL infected malware and dodgy advertisements, that can cause all kinds of mischief for users on just about any site, using almost any operating system or browser.

The real danger are folks who insist on using flash or java products on Apple devices. It doesn't matter if Apple has banned such things from their browser or the app store because so many people jail break their devices to access the apps that they want.

And really - even Apple gets the occasional vulnerability that isn't patched right away, because the community hasn't discovered them yet, but the criminals already exploit them to a tee!

Also I see a lot of people downloading what used to be called extensions for Chrome that may not necessarily come from the Apple store but get installed none-the-less by users that need functionality. Many times no open source authority knows if these "apps" for Chrome are even fully vetted. There is plenty of room for folks to get a drive by on an Apple product. Sure us geeks won't likely run into it - but folks will use their devices in ways we would never think of. We work on our devices for work - they play.

Collapse -
how do I fix it on an iPad?
by Dan_Saghin / March 19, 2016 2:43 AM PDT

I have this issue on a Ipad 3 ios 9.2.1,
the problem did`n`t dissapear even with the java turned off...
it redirects me to some ****** web pages even when I click some link posted on facebook, I tried everything...
can you help me out please?

Collapse -
Try Intego or MBAM
by JCitizen / March 19, 2016 11:11 AM PDT

as apps to remove or prevent malware in the 1st place. I don't know if Malware-bytes-Anti-malware is free to use, but if you want the real time protection on PCs I know they charge a yearly fee. I've never tried Intego, but it receives top picks on many web sites. Check out the user reviews here on CNET - I'm sure they cover Apple products by now.

Collapse -
Malwarebytes
by MarDel53 / March 20, 2016 4:11 AM PDT
In reply to: Try Intego or MBAM

I have been using Malwarebytes on my desktop Win7Pro for about 5 years or so. Totally free. You have to update the program yourself in this free version which I have had no problem so doing. You might want to check this out; but it doesn't to my knowledge have an app for IOS devices.
Free:

free version

The Malwarebytes Free edition offers users the option of installing a trial version of Malwarebytes Anti-Malware Pro.

Please read carefully after visiting the above web-site.

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

GIVEAWAY

We are giving away 'Black Panther' swag!

Four lucky readers will be taking home *Marvel*ous "Black Panther" prizes, including magazines autographed by the King of Wakanda himself! Giveaway ends Feb. 25, 2018.