The iPhone calendar app is a great way to keep track of all your appointments, but it can also be used to spread malicious links. If you’re using an iPhone, iPad or iPod Touch, here are some steps you can take to protect yourself against malware.
First of all, make sure your device is running the latest version of iOS (if not, update it immediately). As of this writing, that’s version is 15.4. 1.
This update patches several security vulnerabilities that could allow an attacker to gain access to your personal information or even install malware on your device. In addition, it shuts down the loopholes used by CalendarCalendarSpam and iCalSpam.
If you have installed CalendarCalendarSpam or iCalSpam, delete it immediately by going into Settings > General > Storage & iCloud Usage and tapping on CalendarCalendarSpam or iCalSpam in the list of apps taking up space on your device’s internal storage or iCloud account (depending on which one is infected).
- How to Check for Viruses on iPhone
- How to Remove Virus from iPhone / iPad
- How to secure iPhone and iPad from hackers
- How to Protect your iPhone / iPad
- Can iPhone get virus? iPhone Virus Scanner & Protection
Calendar spam is a scourge for millions of online users. The rise of social networking applications and the increasing popularity of smartphones have made it easier than ever to share your calendar events with others, but this is also enabling spammers to access your personal information.
Spam is a common annoyance on the Internet, but it can also be a serious threat to your privacy and security.
- If you’re getting calendar invitations from unknown senders, they could be phishing attacks. That means someone is trying to trick you into entering sensitive information, such as passwords or credit card numbers.
- A calendar virus is a spam technique that has existed since 2011. A spam message is crafted with a malicious calendar event attached that contains a hyperlink. This link could be hidden in the text of the event, or in the “location” property of the malicious event.
- The iPhone Calendar virus works, otherwise known as the booby-trapped calendar attack, ‘calendar fishing,’ or a fake email request. When you receive this type of calendar invitation, you will receive an email message in your inbox.
- Once the fake events are re-submitted to the Google Calendar, they’re automatically promoted to the victim’s main calendar if he regularly synchronizes with it.
When viewed through iOS or OS X, calendar events infected by this malware method show nothing out of place. Should a user open one of the links in an infected Google calendar event, however, a dialog box opens that prompts him to download an document from a remote server.
- Attacks involving calendar invites are quite sophisticated, as spammers are trying to update your iPhone’s device time to a random time in the future. They do this to trick you into opening the link and following their exploits. This will be discussed further in this article.
Why are there so many weird events in my calendar?
We’re not sure what causes this problem, but it seems to happen when someone sends an invitation with a link inside it — even if you didn’t ask for one. It doesn’t matter whether or not you attend the event; if you simply click on the link, it will still appear in your calendar (and probably invite more spam). Some people have reported receiving invitations from unknown senders via iMessage, but they can also show up as regular text messages or emails.
Apple says that these calendar invitations are “not spam or phishing attempts,” but we think they might actually be both: Spam because they come from unknown senders who may be trying to steal personal information.
Why are these events showing up?
The most likely culprit through is subscribed calendar, which has been around over the years but started generating a lot of complaints recently. It inserts events into your calendar without you asking for them; it does this by using popups with fake dates and times that look like official Google Calendar events. The only way to delete the event is to click on the “x” button in the upper-right corner — but doing so will take you to a website that looks identical to Google Calendar, with an error message that says “Oops! Something went wrong! Please try again later.” Those websites may or may not ask for your personal information.
They might also contain malware or other viruses that could harm your phone when installed, so stay away from them at all costs.
How does the iPhone calendar virus work?
If you see entries in your calendar that seem suspicious, such as “You have 1 new message from [email protected]” or “1 new message from XXXX”, then you might be infected with a virus.
You might have subscribed to this calendar after you visited a website, and accidentally clicked a pop-up similar to the following:
These calendars usually have names like “Pornography Calendar” or “Holidays Calendar”. They also use email addresses like [email protected] or [email protected], so they look like regular emails but they aren’t. These calendars trick users into subscribing by telling them that their device has been infected with malware and that they need to subscribe to remove it immediately.
- If an attacker knows the email address associated with your calendar account, they can send you deceptive calendar invites riddled with infectious hyperlinks. This process is known as worm propagation.
- A malicious spammer sends you an invitation to add them to your calendar. You’re too kind to decline this grateful email, so you click the link and add them.
- One of the most common ways to deploy this kind of attack is by sending out calendar invites, which force you to click on a specially crafted hyperlink in order to display your appointments.
However, this link can actually be set up to compromise your computer — and the same kind of attack can also be performed without an invite.
- You might also be tricked into subscribing to a calendar on suspicious websites, which allows spammers to send you tons of spam calendar messages, attached to bogus events. (These calendars are often disguised as fake captchas, which we discuss in the following section).
The most important thing is to make sure that you don’t click on anything without thinking twice first!
How to remove the subscribed calendars using your iPhone
- Open Settings.
- Scroll down to Calendar.
- Go to >> Accounts.
- Look under your Subscribed Calendars. The unfamiliar subscribed calendar is likely the account that is generating the ‘virus’ entries in your calendar.
- Tap the subscribed calendar.
- Click on Delete Account at the bottom.
- Tap Delete Account again to confirm that you want to remove the calendar.
What does iPhone calendar spam look like?
Some of these spam messages might look like this:
- The world is ending in 10 days. Click here to read the full story.
- You have won an iPad Pro (4th Generation). Click here for more information.
- You have won $100,000! Click here for more information.
- Hey, I’m free tomorrow. Want to meet up?
- Or they might say:
- I’m looking for an event planner and thought of you! Check out [this link]
- Some of these spam messages might look like this:
- Hi, I have some new photos and videos that I’d love to share with you. Check them out here!
- “I have an iPhone and I will show you how to get free stuff like cash and gift cards.”
- “If you want any of these products, text ‘YES’ to this number for a free sample.”
- “I have an iPhone and I will show you how to get free stuff like cash and gift cards.”
- “This is a new way to earn money with your iPhone. You can earn up to $10 per hour by doing simple tasks on your phone.”
- “It’s 100% FREE! No catch, no strings attached! Just tap the button below, fill out the form & we’ll send your first batch of FREE samples!”
Ways to get infected with iPhone calendar spam
Some of the methods by which you can get infected with iPhone calendar spam are listed below:
If spammers have got hold of your email address –
If spammers have got hold of your email address and added it to a mailing list, they’ll start sending you calendar invitations. This is because it’s easy for them to bulk-send these emails from the same account, but hard for their victims to block them.
If you’ve got a decent spam filter, this shouldn’t be an issue for most people. But if you don’t have a good spam filter or your inbox fills up quickly, it’s possible that the calendar invites will make their way into your main inbox and clutter it up.
This can happen even if you haven’t been compromised directly by a hacker – spammers may simply find your email address in someone else’s contact list and use it to send out their messages.
You can also get infected indirectly. For example, if you receive emails from someone who’s been compromised (or whose computer has been infected), then their calendar invites might come through to your inbox too.
If you accidentally click on fake captchas –
This is a very common method used by spammers to infect users’ devices. This method involves tricking users into clicking on a fake captcha. The user will be asked to solve a simple image-based captcha and if they do so, they will be redirected to another site where they will be asked to download an app or install an update.
If you have clicked on any suspicious link –
You should be careful while clicking on links because there are many websites out there that claim to offer cool stuff but actually infect your device with malware. If you have clicked on any suspicious link then it’s better to immediately check your smartphone for any possible infection.
In short, the iPhone calendar virus works by “collecting” personal information stored on a victim’s phone after they interact with an infected app or website. This information is then uploaded to a remote server, where it is used in different attacks designed to trick the user into thinking that they need to adjust their phone’s date settings as an antispam mechanism. While there are many antivirus apps available for Android and iOS devices, virtually all of them are not capable of detecting this particular attack because it targets the phone itself instead of individual apps or the operating system.
An exceptionally large proportion of Apple users may have been affected by this attack due to what appears to be human error on the part of Apple, meaning that users wishing to avoid this should refrain from updating their iPhone’s calendar until this issue is resolved. Despite the worry that such widespread spyware could generate, we do not believe that this malware is an imminent threat of which users should be worried about.
The way this particular virus works is quite insidious. First, it piggybacks on a previous email that’s been sent to the user. That email doesn’t even need to be relevant to the iPhone iCal calendar program—it just needs to mention any part of the program. As soon as a user clicks on that link in the email, it opens up their calendar and sends out whatever appointment they have set into their personal address book. As soon as that happens, everyone on that person’s contact list receives an appointment invite for it, essentially spreading the virus further.
The biggest problem is that these invites and events are often scheduled to automatically appear in your Calendar app. As soon as you open the Calendar app on your iPhone, it will try to sync with iCloud—scheduling an event that you probably didn’t want. The quickest way to delete the event is to force-close the Calendar app and reopen it so it can go through its routine of checking in with iCloud.
It may feel like your iPhone calendar is under attack, but worry not. The good news is that these messages are easy to avoid and remove once you know what you’re doing. So keep your eye on those events and invitations—and always check with a second source before clicking on anything.
The bottom line is: you shouldn’t click any of these invitations. If your friend sends you an event with a link attached, ask them to resend without it before you accept. And if any other unexpected events show up in your calendar app, don’t click anything – it’s not worth the risk.
If your calendar is full of these spammy events, it might be a good time to check that your device and Apple ID password are up-to-date. I’ve definitely seen my share of fake event invites from legitimate websites, so as always, stay alert. What do you think of this virus? Are you worried that it could spread to email and social media? Will Apple do anything about it? Let us know in the comments below!