Can someone review this log and tell me if suspicious

Hello, (sorry for long log attached within)

There has been concern (long story) that my secondary Apple ID, phone was somehow linked or registered within an app developer or anything other than default, and I am looking for clarification. This log is directly from the phone/Apple ID and the log was generated with a credible source. The Apple ID/phone should not be associated with anything and no app dev account should be associated within the log.

Additionally, for the phone/Apple ID that this log is associated with, I am wondering if someone can tell me if there is anything to support or speculate that the phone is being shared or bundled in some fashion of any kind to share data, location, apps, or if there is anything such as coding of any kind that is anything other than what your standard phone would look like right out of the box with default settings. It's my suspicion that the Apple ID/phone log would support the many issues that have been present, which can be explained later.

Any help would be greatly appreciated.

I have the same concern-

I have noticed in my system services

‘RemoteiCloudQuotaUI’

This wasn't there too long ago, I have seen that code on your phone.
I looked at a new phone, and the above was not on that phone.

Can you give info on what is happening?
:)

Yes, trust your intuition on this one. Your data and ID are hijacked, most likely by ransomware.

Same here. Were you able to resolve? I believe my ID or phone is registered as a managed device but I can’t seem to find any proof or resolution. Any help would be greatly appreciated.

I have the same issue here, recently had security issues with Apple ID and had to get a new one / couldn’t transfer anything. Now this is happening on new iPhone / AppleID. No help with support. Did you ever get an answer?

I have been coding since I was 11 and now am 37 and a senior lead for a C# / JavaScript team. That being said, I am just now getting into iOS. I have caught many security issues on my iPhones that later came out to public, so I’m taking up interest to start learning iOS coding to understand these better. That being said, how are you obtaining this log? Also, as another user stated, trust your gut. I keep seeing someone was doing a sort of RDP session on my iPhone, randomly noticing by knowledge of this field only and details. Randomly my resolution would be off, screen turn would work but visual layout would stay non-rotated, click haptics would go silent, etc., like a profile was not matching mine on my phone subtly. If I could data and Wi-Fi for min then turned data back on it was like a new phone again. Killing the remote session. Anyways, did you find out more on this question?

Anything?

I am having the same thing happen to my account! And I have been having this issue for about three months, maybe even longer. I believe they are using some Android apps that write code for Apple and Macs. And once they get your email it's no longer useful, because they do a backup of your device without you knowing, and when you restore your phone and then reset the phone and pull anything out of the cloud, whatever they put on the phone from before goes right back on. I have lost three Apple IDs.

Me too. I’ve changed phones, iCloud accounts, routers… the worst part is the time drain of not having my devices ever really running efficiently, as they were designed to.

RTCReporting_messageLog_2025-01-25-19-39-09.txt

See, I have two of those logs; if anyone more informed and knowledgeable than myself or has learned anything on this, please let me know. I've found all the same logs as you all and whatnot, also found out something about Firebase from GitHub, also some stuff about superuser access to install app clips applic for monitoring, which was practically impossible to find, only managed to disable. I’ve tried new phone, new account, my service provider, you name it. Best I could find out was there is a custom app monitoring and editing my settings, accounts, screen monitoring, stuff being deleted and downloaded; then it will randomly, sometimes constantly, say passcode was recently changed when it wasn't. My phone always displays the letter or number I type in my password box regardless of app, website, browser. Mail app rules I never created. I could go on, there are so many red flags. But I contacted Apple and it seems like they are stringing me along, avoiding giving me the information or help, like they are waiting for confirmation from someone; then I just get the whole "call us, we don’t know, reset your iPhone or upgrade", but the support agent slipped up and mentioned something about a MAC and my iPhone. I never owned a Mac so I played dumb and said my Mac was stolen, and she said, well, it’s not online atm, I can’t give you no information on it, you have to look it up, the whole bs runaround. Then the agent says, what's the serial number of your Mac. But I've never owned or seen a Mac on my account, but there has always been sign of the culprit being a Mac. Like this log I found: I saved it to my files, looked at it before I saved it, cool, was a .txt file; I just looked at it and it was changed to spi or something weird, I forgot, which made the file appear blank. Also found some jhsn files on my device.

I'm afraid you have trouble, friend. If it's anything like what I'm dealing with, your phone is just the beginning. I hope for your sake I'm wrong, but I've been dealing with this for about five years now. Apple personnel are incapable of admitting that something like this is even possible, mostly because they assume that if your device was hacked it would be by normal threat actors for the standard reasons. These people are not after money, and they have probably had physical access to your phone at some point, which is easier for them than most people would imagine. There's much more to say, but I'll leave it at that for now, pending response from anyone who believes they've been dealing with the same threat.

I can confirm stated concerns, I've been dealing with this for over a year now.

I believe all our devices (iPhones, iPad, Windows PCs, Synology NAS, network printers, and possibly router) were compromised at some point. (Or still are.) Suspected attacker briefly had physical access to my iPhone and laptop at some point, and has been actively hacking our Wi-Fi network at night.

iPhone / Apple account silently being enrolled in beta / developer updates, "MDM-enrollment is mandatory: YES". Settings changing on their own, iPhones randomly asking for password. iPhone running on 1% battery for many hours straight. Static noises in calls, calls not coming through, camera and microphone indicator lighting up for no reason.

Even after wiping and reinstalling iOS in DFU mode: setting up as new device shows message "This device is allready partially setup." Selecting "erase and start over" just creates a loop.

I've been combing out iPhone backups with iMazing, and keep finding more and more indicators of the devices being managed, supervised, enrolled in MDM environments and whatnot where they absolutely should not be.

Oh, I've contacted Apple Support a few times. After you finally get put through to level 2 support you might get some confirmations or info on these processes, but you need to be very specific. For instance, I've been confirmed an MDM enrollment or installed configuration profile or literally any other setting can simply be hidden from the user interface when enrolled in MDM. Also I've found plists listing App store overlay, SuppressShowingInSettings, systemcustomization, and many more. This also explains why my UI always looks a bit different after another DFU wipe and restore. However, they did tell me I shouldn't be able to use my iPhone, since it should have an activation lock on it. Go figure.

When triggering a sysdiagnose on iPhone, it creates a log in "Privacy and security" / Analytics and improvements / Analytics. Share the sysdiagnose file to a folder so you can open individual .plist files locally on your iPhone.

I've been searching through many files, logs, plists and JSONs. Giving ChatGPT extensive instructions to analyse these files and search for indicators of MDM, proxied traffic, remote managed settings, syncing of devices, etc.

I am slowly building my findings, but this stalkerware is well hidden and deeply integrated in or abusing legitimate iOS processes, making it difficult to prove and trace back to the culprit for now.

We need a community to gather and combine our research, and a few experts willing to investigate this further.
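An added example (not written by anyone in this thread): one way to run the plist search described in the post above locally and repeatably over an extracted sysdiagnose or backup folder. The search terms are the strings quoted in that post plus "mdm", not a vetted indicator list, and the sample files are constructed; a hit only tells you which file and key to open and read.

```python
import plistlib
import tempfile
from pathlib import Path

# Strings quoted in the post above, plus "mdm"; not a vetted indicator list.
TERMS = ("SuppressShowingInSettings", "systemcustomization", "mdm")

def walk(node, path=""):
    """Yield (key_path, value) for every leaf of a decoded plist."""
    if isinstance(node, dict) and node:
        for key, value in node.items():
            yield from walk(value, f"{path}/{key}")
    elif isinstance(node, list) and node:
        for i, value in enumerate(node):
            yield from walk(value, f"{path}[{i}]")
    else:
        yield path, node

def scan_plist(file_path, terms=TERMS):
    """Return [(key_path, value)] hits, or None if the file is not a plist."""
    try:
        with open(file_path, "rb") as fh:
            data = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception:
        return None
    hits = []
    for key_path, value in walk(data):
        text = key_path + (" " + value if isinstance(value, str) else "")
        if any(t.lower() in text.lower() for t in terms):
            hits.append((key_path, value))
    return hits

def scan_tree(root, terms=TERMS):
    """Map each plist under root (relative path) to its non-empty hit list."""
    report = {}
    for p in sorted(Path(root).rglob("*.plist")):
        hits = scan_plist(p, terms)
        if hits:
            report[p.relative_to(root).as_posix()] = hits
    return report

def demo():
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        hit = {"Payload": [{"SuppressShowingInSettings": True, "Name": "constructed"}]}
        (root / "a.plist").write_bytes(plistlib.dumps(hit, fmt=plistlib.FMT_BINARY))
        (root / "b.plist").write_bytes(plistlib.dumps({"Theme": {"Dark": False}}))
        (root / "junk.plist").write_bytes(b"not a plist")  # skipped, not fatal
        return scan_tree(root)
```

Calling `scan_tree()` on the folder the sysdiagnose was unpacked into returns the same structure for real files.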

Dealing with same. Have attempted to sanitize, have quarantined all devices, changed router, changed devices x3, pre and post paid, changed device manufacturer, transfer provider, cancel cable, hell we even cut up and threw away all chip cards. After doing all the above in tandem was able to get a week or so of “normalcy”. Have become much more educated over last 90 days for sure. All the above fits my description, however I believe that they are targeting crypto wallets. Agree that it’s a spy or malware, can’t agree enough that it’s more personal than financially motivated. Apple (especially Apple Community) act as though their first born will cease to function by admitting that a high school kid with a gaming computer can log into GitHub and easily take ownership of any device. Swear you gotta be important and it takes millions of dollars to get into iPhones. So happy I found this thread, especially with an expert who’s at least willing to admit it’s possible. I’ve just started reading (and unzipping/translating the syslogs) and have some interesting findings. I also found an article recently while researching that piqued my curiosity re: a Chinese malware that hides very well and rewrites standard Apple functions to remain hidden. Not going to post a random link here for obvious reasons but the site was blackhat if you’d like to look for it. Look forward to hearing/sharing results and findings…

hi all, great to know i am not alone. i have been uncovering this weirdness for the past month and am at the point where i can no longer tell if this may be normal iOS activity or indicators of compromise. i don't want to sound like those apple glazers denying everything but it's unfathomable to me how this "malware" is able to do what it's doing.
the threat actor would need to have an insanely strong knowledge of the inner workings of iOS and macOS along with access to some insanely rare, obscure, and expensive zero-click exploits, which doesn't make any sense as my data is worthless!!

nevertheless, i have not found any direct indicators of compromise other than the presence of logs that others in similar situations have reported seeing and my own suspicions. no accounts have been logged in to, literally nothing other than suspicions and talk on forums (most of which are entries from schizos or people who have little to 0 idea about what they are talking about).

i have however found mentions of app clips in different menus within settings but these are all empty menus and likely just placeholders.

i'd love to hear about what you guys think may have been the initial attack vector, for me it would have been contact via usb with an infected windows machine (also never fully confirmed to be compromised, only odd activity (bitdefender firewall being turned off after blue screen), no stolen accounts, etc)

i am sick and tired of worrying about this but i can't risk having all my personal data leaked.

Just chiming in, I also started experiencing many of these symptoms about a year ago. Spent too much time trying to figure out why or how. There's no way to get rid of it; best to just learn how to live with it. I like watching p*rn so the entity (person/persons) can tag along with me. Don't waste your money trying to buy new devices, etc. Best I got after new router was a MacBook good for an hour before a partition was downloaded and installed, not able to remove; Apple wasn't either, they just gave me another laptop. I don't use it anymore, collects dust. Good luck to you all, I'll be surprised if this posts.
