New Click Fraud Scam Uses Fake Checkra1n iOS Jailbreak

• Scammers are taking advantage of this new jailbreak tool and are hosting fake checkrain[.]com website that claims to give iPhone users the ability to jailbreak their phones.
• However, this fake website urges users to download a malicious profile which allows the scammer to conduct click fraud.

What is the issue?

Researchers from Cisco Talos have found that scammers are using fake Checkra1n iOS jailbreak in a new click fraud campaign.

More details about the scam

Checkra1n is a recently developed iOS jailbreak tool that makes use of the Checkm8 jailbreak-enabling iOS bootrom exploit to modify the bootrom and load a jailbroken image onto the iPhone.

• Scammers are taking advantage of this new jailbreak tool and are hosting fake checkrain[.]com website that claims to give iPhone users the ability to jailbreak their phones.
• This fake website lures iPhone and iPad users into installing an application that allows them to jailbreak their devices.
• However, this site urges users to download a malicious “mobileconfig” profile which allows the scammer to conduct click fraud.

“The site even claims to be working with popular jailbreaking researchers such as ‘CoolStar’ and Google Project Zero’s Ian Beer. The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device,” researchers said.

Who are the targets?

This click fraud campaign primarily targets users in the US, followed by the UK, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, Netherlands, and Italy.

Worth noting

The checkm8 exploit only impacts iOS devices running on the A5 to A11 chipsets. The fake website used in this scam mentions A13-powered devices which is the first indicator of something dubious going on behind the scene. This shows that this website is not legitimate.

Additionally, this fake website claims that the user can install the checkra1n jailbreak without a PC, however, the checkm8 exploit actually requires the iOS device to be in DFU mode and is exploitable via the Apple USB cable.

Furthermore, the SSL certificate used on the fake chekra1n website is generated using LetsEncrypt. However, it should be noted that the legitimate checkra1n website does not use an SSL certificate.