Jump to content

Help with clarifying potential malware / spyware infection on Macbook

Recommended Posts

Hey everyone,

Hope you can help me out :-) 

I am normally extremely careful and cautious about vetting software for legitimacy before I use it. However, this time I appear to have made an error in judgement...  A couple of weeks ago I foolishly downloaded and used a third-party mac application called PhoneRescue by a software company called iMobie based in China: https://www.imobie.com/phonerescue

TL;DR: It's less-than-legitimate software and I am hoping for some reassurance that I haven't infected my computer with malware or spyware or unwittingly invited a significant security breach of my personal data. Since downloading, I've scanned with Malwarebytes (no threats) and after a bout of paranoia reformatted and reinstalled macOS as a precaution. I hope I have done all the necessaries but it would be fantastic if someone with proper expertise could give me the thumbs up. You read scary things about malware / spyware surviving a reformat etc...

MacBook Pro, Mid 2015, macOS Sierra 10.12.6 
Checked the dmg on virustotal and it comes back clean but mixed results regarding the signature (sometimes it comes back with a signature from Apple, sometimes not).
Scanned Macbook with malwarebytes premium, no threats found.
re-formatted and re-installed mac os as a precaution.
There are no obvious signs of infection on my machine, nor evidence of a change in performance; I guess I'm seeking re-assurance about what kind of damage an application like this can inflict or is it simply a case of having embarrassed myself and a bit of a learning curve? 

It is probably obvious that I am very likely overcooking this but, like most people, the thought of my devices or personal data being compromised is upsetting. I also feel like a right idiot! 

I stupidly installed the software in the hopes of retrieving a deleted SMS message. No iCloud backup was available to me at that time so went looking for third-party offerings. The PhoneRescue application is heavily marketed; a quick Google search returns many reputable publications promoting the software (along with many other iMobie software products). Sadly, I took this at face-value, downloaded the software to my Macbook, plugged up my iPhone and let it scan away. 

It's obvious that the free trial version acts as an incentive for the user to upgrade to unlock the 'deleted' content. I quickly clocked this whole thing was probably a mistake, quit the program, disconnected my device and promptly uninstalled it. 

Returning to Google for a more thorough look into the software, to my frustration I discovered it was probably considerably sketchier than first thought, and that all the content by more reputable publications is clearly thinly-veiled paid-for promotional material making the software look more reputable than it probably is.

Any assistance is massively appreciated.



Link to post
Share on other sites

Although I have not taken a look at that specific piece of software from iMobie, I doubt that it is any threat to your computer beyond the attempt to make you pay for it to perhaps do what you wanted it to. I took a look at another of their products called phoneclean and didn't find anything malicious about it, just annoyingly urges me to upgrade to the pro version.

iMobie has been around since 2011, so if there were something truly illegitimate about their software, I'm sure there would be gone or renamed by now.

A review site that has a fairly good reputation in the industry is TrustPilot. Reading through mixed reviews I can see that most are generally positive except when the user failed to contact iMobie tech support before posting a rating. 4.4 stars (Excellent) overall: https://www.trustpilot.com/review/www.imobie.com.

  • Like 1
Link to post
Share on other sites

Hey alvarnell,

Greatly appreciate your response over the weekend. Thanks very much for your help and advice.

I noticed there are some articles purporting that other iMobie products are PUAs, such as this one: https://www.pcrisk.com/removal-guides/16396-macclean-unwanted-application

In this instance, amongst other ad-ware related threats, it mentions data-tracking capabilities. This is my biggest concern. I am wondering to what extent these programs could potentially bed into the macOS and perform tracking post de-installation? From what I have read, I know that macOS executes sophisticated and multi-layered protections (sandboxing etc.), therefore how easy is it for these programs to access data or implement changes without the user knowing - especially if a user has entered the admin password when prompted (as in my case)? Apologies for what is perhaps a spurious or rudimentary question, my knowledge is limited to the surface level stuff! 

When you mention you've had a look at the other PhoneClean application, do you mean you are able to look at the installer package and see what it is doing? Is there a definitive way to know the extent to which the application is interacting with your OS?


Appreciate your time,







Link to post
Share on other sites
  • Staff

We evaluated iMobie's stuff at some point, to consider detection as PUPs (potentially unwanted programs). Although it didn't meet criteria, and so I don't believe it would be harmful, it's also not the sort of thing I recommend using. iPhones are high-value targets, so software like this that gains access to your iPhone, or your iPhone backups, is not advised. You especially should never use any non-Apple software that asks for your iCloud/Apple ID credentials! Those credentials are also very high-value targets that could give an attacker potential access to all your Apple devices.

Make sure you back up your iPhone either to iCloud or to your computer. If you do the latter, make sure to keep your computer secure to protect those backups.

  • Like 1
Link to post
Share on other sites

Hello Thomas,

Thanks so much for the reply. Really appreciate the advice, and Happy New Year to you and everyone at Malwarebytes! 


We evaluated iMobie's stuff at some point, to consider detection as PUPs

OK, that is re-assuring to know.

Well, it's definitely a lesson learned. 

Having used the software with my iPhone, is there anything I should definitely do just as a precaution? (change iCloud password etc.?) 



Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.