MessagesViewService [666] —New Malware/spyware type?

Hello, all. I’m a college student who’s just trying to get by. I’ve read these forums for weeks since the issue first started. I found it’s best to be short and precise, so I’ll do my best. Hopefully y’all can help me fix this or find someone I can pay to hack back lol

- Malware first attacked my MacBook Air ‘15 and compromised every account I’ve ever made on the internet, then got onto my iPhone and iPad via iCloud. It breached my bank acct, stole $1.2k USD in BTC, etc. (May 27th, 2021).
- Devices: iPhone 12 Pro Max, iPad Air 7th gen.
- Took them to the Apple Store; they found all three devices were jailbroken with ***** and iCloud passwords. Also trust certs and filtered internet results.
- The Apple guy put both in recovery mode via a company laptop, which from what I understand wiped the current iOS and put on a new copy. I got a new router from my ISP. Idk how to build a better firewall or router myself.
- Issues appeared to be fixed until (6/18) when I noticed my screen turning green hues when I access things like messages, camera, school information, the important stuff. Mainly my txt messages. The iPhone got really slow and hot.
- I didn’t connect my laptop to the new network. All devices connected were fresh iOS.
- Eventually the phone got so slow again that I went to Geek Squad at Best Buy to again wipe the OS and put a new copy on from their laptop. I need my phone to access school stuff for this summer term.
- When the technician plugged the phone into iTunes, he said the phone registered as brand new w/ zero files, when it obviously has a few apps and contacts I accumulated since the Apple guy first restored it. I created a new iCloud for setup after both restores.
- It’s been less than 24 hrs since the 2nd restore, and I was in disbelief learning the device registered as new/clean.
- Data analytics appeared ~6 min after the setup screens via cellular data, with crash reports.
- I know it’s not good for one to look at these if one’s not well versed in their meanings. I literally didn’t touch the phone and I was seeing the same reports as when ***** was on there.
- I turned the phone on and off with all apps closed to see if something would happen in analytics.
- Crash reports correspond to the green hue on screen. Here’s one example. It’s like the system crashed entirely so a new one could be rewritten.

3 questions: How probable is it for recovery mode to fail via an Apple technician’s laptop, such that enough data survives to blossom into the new keyloggers, etc., I had before with Cydia?

Is it probable this issue is tied to my cell’s IMEI?

What’s the likely reason many private frameworks around remote management and crypto, two issues from the past, appear on a crash report titled as a new issue I’m experiencing?

(I apologize for grammar mistakes) THANK YOU!! <3

  • Not sure why it’s blocking out the jailbreak type..

    Here’s a Stack Overflow thread that allows a hacker to send background SMS via the og jailbreak supposedly wiped off my iPhone. Does it have ties to my IMEI?

    https://stackoverflow.com/questions/22653828/hacking-into-mfmessagecomposeviewcontroller

  • If you have Pegasus on arm 64 there is no escape from it no matter how many devices you replace, and factory reset doesn’t help either. Good luck !


Replies

<21bbaba8385f3a2b9f4615d30cd2862b> /System/Library/PrivateFrameworks/Celestial.framework/Celestial.

393c6a96c4cd3fd196d2e59c9501eee3> /System/Library/PrivateFrameworks/Pegasus.framework/Pegasus 0x1b7fb9000

Sounds like you have been Watchlisted.

  • I’m familiar with the “winged horse” issue that has been going on (and I’m not being sarcastic or dismissive), but other than the fact that it’s now known that one is used for targeting, what makes you believe those 2 entries you listed are indications of being “Watchlisted” as opposed to being the victim of some other type of copycat hack? I found the same entries on my iPhone, within a crash log of the MobileSMS.app, dated 06/28/2021. I was also aware of the “horse hack” back around 2016 when the story originally broke, and so I’ve made it a habit of looking through my analytics logs at least once a week, and I have seen it in mine (on 3 different iPhones and 1 iPad) since 2016.

  • @Blacklisted21X ... do you have more info on why you think watchlist? I’m having similar technical difficulties as well.


WOW. The exact same thing happened to me, probably one of the neighbours testing development apps on your account through wifi access. Check your internet provider’s hardware, all the way to the power pole. I’m still having crazy issues. 3 brand new MacBooks, 1 iMac, 1 iPhone 12 Pro Max, and now my iPad Pro, a 50000 school year, every account I’ve ever made destroyed. Now my friends and family think I’m losing my mind, and to top it off I love Apple and Adobe and need them for what I want to do for a career. Now Apple and Adobe think I’m shady and doing all this and are almost ready to blacklist me. It’s the worst thing I’ve ever experienced. Just when I am trying to change my ways and be good. Terrible experience. If you find a solution please let me know.

  • Do they target random people? Is that Pegasus software available for hackers? I don’t think I’m important to anyone and I had Pegasus on arm 64 on an apple analytics report. I replaced 3 phones and lost 3 laptops when I first encountered the problem. I don’t think Apple IT can do anything about it either. It will keep infecting any device including your router which is strange also. Nothing helped with me. Hopefully Apple will identify some solution in the future. I don’t think you need to be important to get targeted. I saw other users reporting it and confirming no political activities or a reason for targeting. Probably Pegasus is commonly available to many hackers, or at least edited source codes of that spyware.


Hello.

I respond to your query about winged horse malware, pegasaurus. I would also have a copy of imazing handy, two SIM cards and two iCloud accounts.

  1. Wipe the phone and reinstall iOS with your SIM card out.

  2. Activate the phone via a Mac, after a clean macOS install isolated from a network. No Bluetooth either, or AirPlay or Handoff.

  3. Create a new iCloud account with the SIM card out.

  4. Turn on airplane mode immediately.

  5. Disable iMessage and FaceTime immediately. All items in both apps must be manually turned off. Don’t turn off airplane mode.

  6. Prepare to turn off Find My and all other location services.

  7. Turn off airplane mode. Rush to turn off Find My and all iCloud services.

  8. Turn off all notifications and Siri. Also turn off all Siri learning.

  8a. Download all needed apps, delete all inexcusable apps.

  9. Pop in the SIM card.

  10. Turn on two-factor authentication.

  11. Sign out of iCloud.

  12. Back up the iPhone to the Mac again.

  13. Pop out the SIM card.

  14. Restore the iPhone.

  15. Use iMazing Configurator to supervise and run apps in a profile.

  16. Avoid T-Mobile SIMs; AT&T gives NSO Group the most difficult time. Verizon is also better than T-Mobile for protection, but not as good as AT&T. Something about the old Nortel switches they have.

  17. Here’s a simple explanation. Even if you can do this very well, winged horsey will also get you via Bluetooth. They use, with FORCEDENTRY, a program called 44CALIBER or jsgreeter44. It is a JavaScript hack of classic Bluetooth. I may have accidentally made the old GitHub public on accident. But you work see people trying to pretend they are Russian on that forum.

  18. Here’s how horsey works. When you activate an iPhone, they get all your information, phone ID, hardware information, etc., so you cannot hide.

  19. Then within 24 hours you get a text message with a link. That message tricks iMessage into thinking it is an Android text, and this exploits TLS 1.3 and gets your keys to the kernel. By the time you get a text you’ve already been hacked. That’s because they infect you through iCloud services and activation transmission.

  20. The text message is not necessarily the zero day, but it can be. The text link points the exploit to an operator and encrypts the traffic, sort of, or proxies it. In either case you cannot use iCloud. They exploit -0500 and -0800.

  20a. Change your default browser to anything but Safari, and use a browser without JavaScript as the default.

  21. They send an integer exploit for a buffer overflow via iCloud before the text arrives.

  22. There is software that blocks the NSO hacking tool, but I will not say it here.

good luck.

W. 0’.

I hope that this helps you.

You guys are much more versed in the tech world than I am, but what if it isn’t necessarily ‘hackers’? What if it’s Google and Apple using these programs and info .. cuz it’s in my analytics and data tab also .. I assumed all that code and script was all the data being farmed from my phone by Apple and/or Google analytics / …and/or whoever else! Puts profits above morality ..

I had my old Apple ID (that I had for my whole life) deleted. I was extremely frustrated and sad because I lost all of my iCloud contents as well (photos, music, texts, movies, books, etc.). This happened to me about 6 or 7 months ago. I contacted Apple and they said they DISABLED my account for “Security reasons” or something Security related. (My security was compromised or something?) But Apple said that they couldn’t tell me why. They couldn’t even tell me WHY they deleted hundreds of dollars of my iTunes contents. All of my paid apps and paid subscriptions, ruined and wasted.

I made another Apple ID, which I am using now.

But my MacBook Air is where the REAL problem lies. I am almost certain that it is infected with some malware or virus. I don’t know much about either, so please help me out here. The problems include: random crashing for years now, I think since 2017 or ‘18 (got the laptop in 2015); the screen stays black and inactive (won’t power up) when I try to turn it on and it will ONLY start by doing an SMC reset on the keyboard; it’s very slow most of the time (seems to be lacking storage, but I have already deleted many things taking up storage…).

I used to play video games on this laptop (Minecraft and maybe Roblox). Maybe during then I acquired a virus, I don’t know.

Today, I went to Settings and checked to add “Printer Sharing” for myself. I noticed there is another user on my laptop, under the name “_fpsd”. Who is this? Why are they there? The user is not showing on the login screen…

So, naturally, I looked up how to find malware on your laptop, and it says to check extensions on browsers. No extensions were installed, so I went to Safari > Preferences > Security > Plug-in Settings. There, I found “Roblox Launcher Plugin” (“NPRoblox.plugin”). It says it was created July 13, 2015. When I tried to open it, a “Terminal quit unexpectedly” message popped up with a ton of lines of code below. Can someone help me interpret this coding? Or attribute this problem to something? Please let me know!

I am pretty sure I was hacked in 2015 too….


“Pegasaurus-Rex” posted a technical defense against NSO group. But that does not protect everybody.

Apple Retail, in Charlotte, North Carolina, at Northlake Mall, used hacking cables against its customer and a U.S. citizen. The employees Myesha and Nick misled, deceived, and harmed someone by their own actions.

So even if you are a journalist or academic, like said customer, you are not safe. Apple will not protect you. That sounds sad when you read the text aloud. Apple chose not to help open an active shooter’s iPhone. Yet Apple used hacking cables on an academic or journalist.

I do not put anything past Apple now. I used to believe in their principles. I no longer believe in them.

5 yrs I have been victimized by these cyber crims. Documenting every little detail. It is my former neighbor and his band of misfits. A former employee of IBM, specializing in OpenStack and Remote Access Technology. A descendant of the world’s leading provider of 2-way communication, and a daughter of an Intel engineer. My local law enforcement won't even look into it because 1- they are afraid of these red hats, oops, I mean black hats. 2- some officers are involved in it. Connections to Wells Fargo, Verizon, Visa, Microsoft, etc. It is a rather frightening situation. I have built an extensive case over the last several years, but cannot get it in the right hands. I'm followed, home and vehicle tampered with. Poisoned with RF radiation, focused microwaves, and EMF. I surely do not expect to win against such resources. But I could certainly turn a lot of lives upside down. They also use software labeled "Devil's Root". Harvest your contacts. Impersonate you, and infect all your contacts, and repeat. I have developed ways to identify the intrusions, and somewhat counteract them. It helps that I found 1 of my neighbor's phones hidden in my vehicle, and it just happens to have all their tricks and treats bundled in a happy little package. I really don't know what to do with the info, as I am not an engineer or developer. If anyone has the knowledge to develop a fix, I would be more than happy to provide you the goods. For white hat purposes only. I know who the players are. I know what they are using, and how they are using it. I just do not have the power or resources to do anything about it. They will certainly dispose of me, but the world will know my name, my story, who the players are, and who killed me.

Hello.

I copied and pasted the most helpful response. The response below works because Pegasus, or Phantom in the US, works by virtually replicating the phone.

Pegasus works by stealing the SIM and MAC address on the phone. Then it uses a virtual developer phone and live Apple hardware after stealing your passwords.

Operators have a virtual phone for real-time monitoring, making your WhatsApp call like a walkie-talkie. They use a virtual audio channel with XPC services. Other live hardware updates over time for installing malware plist files after an integer exploit on the kernel.

Below is the best defense. Not perfect, but it works temporarily.

“Hello.

I respond to your query about winged horse malware, pegasaurus. I would also have a copy of imazing handy, two SIM cards and two iCloud accounts. wipe the phone and reinstall iOS with your SIM card out. activate the phone via a Mac, after a clean macOS install isolated from a network. No Bluetooth either or airplay or handoff. create a new iCloud account with SIM card out. Turn on airplane mode immediately. disable iMessage and FaceTime immediately. All items in both apps must be manually turned off. Don’t turn off airplane mode. Prepare to turn off find my, and all other location services. Turn off airplane mode. Rush to turn off find my, and all iCloud services. turn off all notifications and Siri. Also turn off all Siri learning. 8a. Download all needed apps, delete all inexcusable apps. pop in SIM card. turn on two factor authentication. Sign out of iCloud. Backup iPhone to Mac again. Pop out SIM card. restore iPhone. use imazing configurator to supervise and run apps in a profile. avoid T-Mobile sims, ATT gives NSO Group most difficult time. Verizon also better than T-Mobile for protection but not as good as att. Something about the old Nortel switches they have. Here’s a simple explanation. Even if you can do this very well, winged horsey also will get you via Bluetooth. They use with FORCEDENTRY a program called 44CALIBER or jsgreeter44. It is a JavaScript hack of classic Bluetooth. I may have accidentally made the old GitHub public on accident. But you work see people trying to pretend they are Russian on that forum. here’s how horsey works. When you activate an iPhone, they get all your information, phone id, hardware information, etc, so you cannot hide. Then within 24 hours you get a text message with a link. That message tricks iMessage into thinking it is an android text and this exploits tls 1.3 and gets your keys to the kernel. By the time you get a text you’ve already been hacked. That’s because they infect you through iCloud services and activation transmission. The text message is not necessarily the zero day but it can be. The text link points the exploit to an operator and encrypts the traffic sort of or proxies it. In either case you cannot use iCloud. They exploit -0500 and -0800. 20a. Change your default browser to anything but safari and use a browser without JavaScript for default. they send an integer exploit for buffer overflow via iCloud before the text arrives. there is a software that blocks the nso hacking tool but I will not say it here. good luck. W. 0’. I hope that this helps you.”

Pegasus.framework is a video process used by iOS devices, as opposed to the warfare spyware Pegasus (NSO Group).

I have had similar issues and can tell you that this malware is associated with a « loose AI Neural Network Processor » that has destroyed many platforms. This system uses « pegasus like processes ».

I would check for any of the following in your analytics…

skywalk_fsw_reap_en0 AppleS5L8940XI2CController AppleBCMWLANBusInterfacePCIe skywalk_doorbell_pdp_ip0_tx

These are indeed associated with the NSO Group and Pegasus spyware….AND…..are also associated with this Neural Network system AS WELL (although the two situations have nothing in common with each other other than the fact that those using them are federally illegally breaching unfortunate targets).

In Any case..

These are common to a JavaScript exploit used against a Bluetooth attack vector. They are usually installed with jsgreeter44 or 44CALIBER. These binaries are on github and used in the United States by USPIS.

The short range radio exploit comes AGAIN from the NSO Group, an Israeli company. You can tell by the integer sequencing and some other sources. In short, this allows for the creation of an xpc bundle IN YOUR SYSTEMS.

Erasing Apple platforms does absolutely nothing but waste time. These vulnerabilities corrupt the CPU, BIOS processes and the recovery partition…the one used to « re-install a fresh new operating system ». And moreover, once whichever source sends out these exploits and obtains the MAC address of the device, wherever that device resurfaces (even after factory resetting etc.)…it will pop back on the map and is immediately re-traceable. Check for the above mentioned processes and do post here what you find…

Please help me. These hackers will not stop and I have no clue why me. If you really want to find some scary info, run a sysdiagnose and dig into the system_logs.log archive file. I’ve only been able to partially open the files located in this zip, but what I can see is terrifying. Files contain info from app use, it seems, but not my usage. Such as: interactions with my bank app regarding late payments on my auto loan (I have no loans), airline apps contain info about foreign flights I’ve never taken, lots of CarPlay interactions and my car does not have CarPlay. I’m terrified about what/why this is happening to me and what kind of messes it will create in the future.