Fake iOS Jailbreak Lures iPhone Users to Click Fraud Campaign

Giulio Saggin
Tuesday, 28 November 2023

iPhone users expecting to download an iOS jailbreak* have been lured into a click fraud campaign instead. Scammers are using a fake website that, while claiming to offer iPhone users the checkra1n jailbreak, merely prompts them to download a malicious profile, report Cisco Talos researchers.

The checkra1n jailbreak uses the checkm8 vulnerability to modify the bootrom, which allows users to control the boot process. The malicious website - checkrain[.]com - asks users to install a "mobileconfig" profile on their iOS device. This profile even comes with an SSL certificate - which checkra1n doesn't use - to add an aura of authenticity.

Once installed, a checkrain icon appears on the user's iPhone. "The icon is in fact a kind of bookmark to connect on a URL," said the researchers. "(It) may look like an app from the user's perspective, but it actually doesn't work like one at all on the system level."

When the user clicks on the icon, the next step in the ruse unfolds: a web page loads in full screen, with no search bar, address/URL bar or bookmarks, and displays the message: "Checking your device before accessing checkra1n jailbreak." Several more steps of the download process take place, including numerous redirects, before finishing on an iOS game install, with in-app purchases available.

"It really goes through the effort of trying to make the user believe they're being exploited," said the researchers. "But all that's happening is they're generating click fraud (by) making sure you install one of these apps it then uses to make revenue for the adversary."

While this 'scenario' only involved click fraud, the researchers stated that what happened here could easily be used for "more malicious and critical actions. Instead of a web clip profile, the attackers could implant their own MDM (mobile device management) enrolment."

*Jailbreaking a device bypasses Apple's restrictions on the operating system and allows users to install apps that aren't authorised by Apple. On the downside, the security protections built into iOS are removed.
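
For anyone reviewing a .mobileconfig file before it reaches a device, the added example below (not code from the article or from Cisco Talos) lists the two payload kinds the researchers mention: a full-screen web clip and an MDM enrolment. The payload type strings and keys come from Apple's configuration profile format; the sample profile and its URL are constructed for illustration.

```python
import plistlib

# Payload types defined by Apple's configuration profile format.
WEB_CLIP = "com.apple.webClip.managed"
MDM = "com.apple.mdm"

def extract_plist(raw: bytes) -> dict:
    """Parse a profile. Signed profiles wrap the XML in a CMS envelope,
    so carve out the embedded plist (best effort) before parsing."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def triage_profile(raw: bytes) -> list:
    """Return one finding per web clip or MDM payload in the profile."""
    findings = []
    for payload in extract_plist(raw).get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype == WEB_CLIP:
            msg = f"web clip '{payload.get('Label', '')}' opens {payload.get('URL', '')}"
            if payload.get("FullScreen"):
                # Full-screen web clips hide the address bar, so the page
                # looks like an app rather than a bookmark.
                msg += " full screen (no address bar)"
            if payload.get("IsRemovable") is False:
                msg += ", not removable"
            findings.append(msg)
        elif ptype == MDM:
            findings.append(f"MDM enrolment to {payload.get('ServerURL', '')}")
    return findings

# Constructed sample profile (not the one from the campaign).
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "example.invalid.profile",
    "PayloadContent": [{
        "PayloadType": WEB_CLIP,
        "Label": "example",
        "URL": "https://clip.example.invalid/start",
        "FullScreen": True,
        "IsRemovable": True,
    }],
})

if __name__ == "__main__":
    for finding in triage_profile(SAMPLE):
        print(finding)
```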
