Cisco Talos security researchers identified a new fraud scheme that uses a fake website for a purported jailbreaking tool. Apple warned all users of older iPhone models to beware of this scheme.
Piggybacking on the recently released ‘checkra1n’ jailbreak, the campaign uses a fake website that claims to give iPhone owners the ability to jailbreak their devices. However, the malicious website, ‘ckeckrain.com,’ asks visitors to download a malicious configuration profile, after which they become victims of click fraud.
The real jailbreak, created by security researcher axi0mX, leverages the recently identified unpatchable ‘checkm8’ vulnerability to alter the boot ROM and load jailbroken content onto the iPhone. The checkm8 vulnerability affects every iPhone model from the iPhone 4S through the iPhone X.
How the Malicious checkra1n Scheme Functions
At first, the fake checkra1n website appears entirely legitimate, and it even uses the names of renowned researchers such as Google Project Zero’s Ian Beer and CoolStar. However, it has some giveaways that clearly suggest it is fake.
For instance, even though the checkm8 exploit and the checkra1n jailbreak only affect iOS devices running A5 through A11 processors, the fake website claims the jailbreak also works on the A13.
Visitors to the website are asked to download and install a ‘mobileconfig’ profile on their iPhones. As soon as the profile is installed, a checkrain icon appears on the user’s iOS Home screen.
“The icon is, in fact, a kind of bookmark to connect on a URL,” said Warren Mercer and Paul Rascagneres, Cisco Talos security researchers. The icon may look like an ordinary app, but it does not function like one at the system level. It exists so that the user will tap what they believe is the jailbreak app and start the supposed jailbreak. After that, the user sees a series of redirects on their iPhone.
The chain ends in click fraud: the user is pushed through numerous ‘verification’ steps that culminate in the installation of an iOS game. The user is then told to ‘have fun’ with it for seven days to guarantee that their unlock takes place.
The security researchers found that most victims of the fake website were located in the U.S. The U.K., U.S., France, Italy, Netherlands, Turkey, Canada, Georgia, Australia, Vietnam, Venezuela, Iraq, and Nigeria were the targets of this malicious campaign.
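As an added example, not from Talos or this article: a small Python audit that inspects a configuration profile before it is installed, run here against a constructed sample whose only payload is a Web Clip of the kind described above (an icon that is really a bookmark to a URL). The payload type and key names are Apple's configuration profile keys; the domain and identifiers are placeholders.

```python
import plistlib

# Constructed sample (not the real file) of a .mobileconfig of the kind the fake
# checkra1n site served: its only payload is a Web Clip, so the "app" icon it
# puts on the Home screen is just a bookmark to an attacker-chosen URL.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadDisplayName</key><string>checkra1n</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadIdentifier</key><string>com.example.fake-jailbreak.clip</string>
      <key>Label</key><string>checkra1n</string>
      <key>URL</key><string>https://fake-jailbreak.example/start</string>
      <key>IsRemovable</key><false/>
      <key>FullScreen</key><true/>
    </dict>
  </array>
</dict>
</plist>"""
# Payload types that reconfigure the device far beyond a Home screen icon.
HIGH_RISK_TYPES = {"com.apple.mdm", "com.apple.vpn.managed",
                   "com.apple.proxy.http.global", "com.apple.security.root"}

def audit_profile(data: bytes) -> list:
    """Return one finding per payload worth a closer look (unsigned profiles only;
    a CMS-signed profile has to be unwrapped before plistlib can read it)."""
    findings = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype == "com.apple.webClip.managed":
            findings.append({
                "type": ptype,
                "label": payload.get("Label"),
                "url": payload.get("URL"),
                # FullScreen hides Safari's address bar, so the real URL never shows.
                "fullscreen": bool(payload.get("FullScreen", False)),
                # IsRemovable=false: the icon only goes away when the profile does.
                "removable": bool(payload.get("IsRemovable", True)),
            })
        elif ptype in HIGH_RISK_TYPES:
            findings.append({"type": ptype, "label": payload.get("PayloadDisplayName")})
    return findings

if __name__ == "__main__":
    print(*audit_profile(SAMPLE_PROFILE), sep="\n")
```

A Web Clip labelled as a jailbreak tool, pointing at an external URL, in full-screen mode and marked non-removable, is exactly the profile the article describes and is a reason to decline the install.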
What To Do Now
First of all, it is essential that you do not download random profiles from the internet, especially from unknown websites. Profiles allow an attacker to configure and change settings on your iOS device, and even take complete control of it, ethical hacker John Opdenakker warns.
Security researchers may need to jailbreak their iOS devices, but they typically know what they are doing, down to the last detail. If you are not entirely confident, it is better to leave your iPhone as it is.
“Unless you absolutely require jailbreaking your phone, I’d highly recommend against doing so,” advises Wright.
If you really do need to jailbreak your device, study and research first to make sure you are downloading the genuine tool and following the correct instructions.