MessagesViewService [666] — New Malware/spyware type?

Hello, all. I’m a college student who’s just trying to get by. I’ve read these forums for weeks since this issue first started. Found it’s best to be short and precise, so I’ll do my best. Hopefully y’all can help me fix this or find someone I can pay to hack back lol

- Malware first attacked my MacBook Air ’15 and compromised every account I’ve ever made on the internet, then got onto my iPhone and iPad via iCloud; breached my bank acct, stole $1.2k USD in BTC, etc. (May 27th, 2021)
- Devices: iPhone 12 Pro Max, iPad Air 7th gen
- Took them to the Apple Store; they found all three devices were jailbroken with ***** and iCloud passwords. Also trust certs and filtered internet results.
- The Apple guy put both in recovery mode via a company laptop, which from what I understand wiped the current iOS and put on a new copy. I got a new router from my ISP. Idk how to build a better firewall or router myself.
- Issues appeared to be fixed until 6/18, when I noticed my screen turning green hues when I access things like messages, camera, school information, important stuff. Mainly my txt messages. The iPhone got really slow and hot.
- I didn’t connect my laptop to the new network. All devices connected were fresh iOS.
- Eventually the phone got so slow again that I went to Geek Squad at Best Buy to again wipe the OS and put a new copy on from their laptop. I need my phone to access school stuff for this summer term.
- When the technician plugged the phone into iTunes, he said the phone registered as brand new w/ zero files, when it obviously has a few apps and contacts I accumulated since the Apple guy first restored it. I created a new iCloud for setup after both restores.
- It’s been less than 24 hrs since the 2nd restore and my disbelief in learning the device registered as new/clean.
- Data analytics appeared ~6 min after the setup screens, via cellular data, with crash reports.
- I know it’s not good for one to look at these if one’s not well versed in their meanings. I literally didn’t touch the phone and I was seeing the same reports as when ***** was on there.
- I turned the phone on and off with all apps closed to see if something would happen in analytics.
- Crash reports correspond to the green hue on screen. Here’s one example. It’s like the system crashed entirely so a new one could be rewritten.

3 questions: How probable is it for recovery mode to fail via an Apple technician’s laptop, such that enough data survives to blossom into new keyloggers, etc., that I had before with Cydia?

Is it probable this issue is tied to my cell’s IMEI?

What’s the likely reason many private frameworks around remote management and crypto, two issues from the past, appear on a crash report titled as a new issue I’m experiencing?

(I apologize for grammar mistakes) THANK YOU!! <3

  • Not sure why it’s blocking out the jailbreak type..

    here’s a stack that allows a hacker to send background SMS via the OG jailbreak supposedly wiped off my iPhone; does it have ties to my IMEI?

    https://stackoverflow.com/questions/22653828/hacking-into-mfmessagecomposeviewcontroller

  • If you have Pegasus on arm64 there is no escape from it, no matter how many devices you replace, and a factory reset doesn’t help either. Good luck!


<21bbaba8385f3a2b9f4615d30cd2862b> /System/Library/PrivateFrameworks/Celestial.framework/Celestial.

<393c6a96c4cd3fd196d2e59c9501eee3> /System/Library/PrivateFrameworks/Pegasus.framework/Pegasus 0x1b7fb9000

Sounds like you have been Watchlisted.

  • I’m familiar with the “winged horse” issue that has been going on (and I’m not being sarcastic or dismissive), but, other than the fact that it’s now known that one is used for targeting, what makes you believe those 2 entries you listed are indications of being “Watchlisted” as opposed to being the victim of some type of other copycat hack? I found the same entries on my iPhone, within a crash log of the MobileSMS.app, dated 06/28/2021. I was also aware of the “horse hack” back around 2016 when the story originally broke, and so I’ve made it a habit of looking through my analytics logs at least once a week, and I have seen it in mine (on 3 different iPhones and 1 iPad) since 2016.

  • @Blacklisted21X ... do you have more info on why you think watchlist? I’m having similar technical difficulties as well.


WOW. The exact same thing happened to me, probably one of the neighbours testing development apps on your account through wifi access. Check your internet provider’s hardware, all the way to the power pole. I’m still having crazy issues. 3 brand new MacBooks, 1 iMac, 1 iPhone 12 Pro Max, and now my iPad Pro, 50000 school year, every account I’ve ever made destroyed; now my friends and family think I’m losing my mind, and to top it off I love Apple and Adobe and need them for what I want to do for a career. Now Apple and Adobe think I’m shady and doing all this and are almost ready to blacklist me. It’s the worst thing I’ve ever experienced. Just when I am trying to change my ways and be good. Terrible experience. If you find a solution please let me know.

  • Do they target random people? Is that Pegasus software available for hackers? I don’t think I’m important to anyone, and I had Pegasus on arm64 on an Apple analytics report. I replaced 3 phones and lost 3 laptops when I first encountered the problem. I don’t think Apple IT can do anything about it either. It will keep infecting any device, including your router, which is strange also. Nothing helped with me. Hopefully Apple will identify some solution in the future. I don’t think you need to be important to get targeted. I saw other users reporting it and confirming no political activities or a reason for targeting. Probably Pegasus is commonly available to many hackers, or at least edited source codes of that spyware.


Hello.

I respond to your query about winged horse malware, pegasaurus. I would also have a copy of iMazing handy, two SIM cards and two iCloud accounts.

  1. Wipe the phone and reinstall iOS with your SIM card out.

  2. Activate the phone via a Mac, after a clean macOS install isolated from a network. No Bluetooth either, or AirPlay or Handoff.

  3. Create a new iCloud account with the SIM card out.

  4. Turn on airplane mode immediately.

  5. Disable iMessage and FaceTime immediately. All items in both apps must be manually turned off. Don’t turn off airplane mode.

  6. Prepare to turn off Find My and all other location services.

  7. Turn off airplane mode. Rush to turn off Find My and all iCloud services.

  8. Turn off all notifications and Siri. Also turn off all Siri learning.

  8a. Download all needed apps, delete all inexcusable apps.

  9. Pop in the SIM card.

  10. Turn on two-factor authentication.

  11. Sign out of iCloud.

  12. Back up the iPhone to the Mac again.

  13. Pop out the SIM card.

  14. Restore the iPhone.

  15. Use iMazing Configurator to supervise and run apps in a profile.

  16. Avoid T-Mobile SIMs; AT&T gives NSO Group the most difficult time. Verizon is also better than T-Mobile for protection, but not as good as AT&T. Something about the old Nortel switches they have.

  17. Here’s a simple explanation. Even if you can do this very well, winged horsey will also get you via Bluetooth. They use with FORCEDENTRY a program called 44CALIBER or jsgreeter44. It is a JavaScript hack of classic Bluetooth. I may have accidentally made the old GitHub public on accident. But you work see people trying to pretend they are Russian on that forum.

  18. Here’s how horsey works. When you activate an iPhone, they get all your information, phone ID, hardware information, etc., so you cannot hide.

  19. Then within 24 hours you get a text message with a link. That message tricks iMessage into thinking it is an Android text, and this exploits TLS 1.3 and gets your keys to the kernel. By the time you get a text you’ve already been hacked. That’s because they infect you through iCloud services and the activation transmission.

  20. The text message is not necessarily the zero-day, but it can be. The text link points the exploit to an operator and encrypts the traffic, sort of, or proxies it. In either case you cannot use iCloud. They exploit -0500 and -0800.

  20a. Change your default browser to anything but Safari, and use a browser without JavaScript as the default.

  21. They send an integer exploit for buffer overflow via iCloud before the text arrives.

  22. There is software that blocks the NSO hacking tool but I will not say it here.

good luck.

W. 0’.

I hope that this helps you.

You guys are much more versed in the tech world than I am, but what if it isn’t necessarily hackers? What if it’s Google and Apple using these programs and info, cuz it’s in my analytics and data tab also. I assumed all that code and script was all the data being farmed from my phone by Apple and/or Google analytics, and/or whoever else puts profits above morality..