Application Security IT Security

iPhone Calendar Viruses

What are iPhone Calendar Viruses?

Over the last few years, cyberattackers have been increasingly targeting the iPhone calendar app in an attack known as “calendar spam.” In these attacks, iPhone users have reported that their calendars have been filling up with strange appointments, reminders, and other junk events that are often pornographic or contain warnings about device compromise. Often, these entries are triggered by your getting subscribed to a third-party calendar where all of these calendar entries contain malicious links that, when clicked, could infect your device with a virus, give a cyberattacker access to the information on your device, or install ransomware that will allow the cyberattacker to extort money from you. Examples of messages in iPhone calendar spam include1:

  • Viruses on your iPhone?! CLEAN THEM NOW
  • Ensure Your Online Protection, Click Now!
  • Your Phone is not Protected! Click to protect
  • Clear your iPhone from Malicious Attacks!
  • Your iPhone Has Been Infected with a Virus! Remove it now
  • Who wants a Free Apple Music Subscription?
  • Congratulations, you won!
  • iPhone 13 is here, pick it up or rearrange delivery
  • Easy Short-Term Loans – Apply Online
  • Black Friday Sales – ACT NOW
  • It’s your lucky day
  • You have (1) Pending Package

Apple’s calendar app allows anyone to send calendar invitations, so it is possible, if you receive calendar spam, that you had inadvertently clicked on a deceptive calendar invite. It is also possible to be tricked into subscribing via malicious websites, fake captchas that are designed to make you press certain keys that trigger malicious downloads, or clicking on a spam text.

To prevent iPhone calendar spam:

Block pop-ups on Safari. Go to Settings>Safari and turn on Block Pop-ups and Fraudulent Website Warning to adjust those settings.

Avoid clicking on unknown links, attachments, and even capchas. The best defense against calendar spam is not clicking on anything that could install it. If you do receive calendar spam- do not interact with it except for deletion.

Review and change calendar settings. Ensure that none of your devices are set up to auto-accept calendar invites and change your calendar settings to prevent notifications.

Use discretion when sharing your email address. In order to protect your primary email address, you may want to use a secondary one for sharing.

Install web protection solutions. Many solutions can prevent you from visiting malicious pages in Safari.

Don’t believe dire warnings. If any button is calling for an urgent action on your part, be suspicious.

1 Kaspersky, 2022, “How to get rid of a calendar virus on different devices”