
Checkrain fake iOS jailbreak site a menace to iPhone users

According to researchers at Cisco Talos Intelligence, a website is capitalizing on interest in a hardware flaw in older iPhones to trick users. The site, checkrain[.]com, promises to help users leverage the checkm8 boot ROM vulnerability to jailbreak their iPhone. In actuality, the only thing users looking to jailbreak get from Checkrain is a configuration profile that plants a click-fraud bookmark on their home screen, and the headache that follows in trying to clean it off.

Cisco Talos researchers state the following about the infection process in their blog post:

With this fake Checkrain[.]com iOS jailbreak, the user is asked to install a “mobileconfig” profile on their iOS device obtained from hxxps://Checkrain[.]com/checkra1n.mobileconfig. Note that the SSL certificate used is a LetsEncrypt-generated certificate, and also that the name “checkra1n” is the real name of the available jailbreak. The real checkra1n website does not use an SSL certificate. This is another step the actor has most likely employed in an attempt to draw the user in.

Once the app is downloaded and installed, a Checkrain icon appears on the user’s iOS springboard. The icon is in fact a kind of bookmark to connect to a URL. This icon may look like an app from the user’s perspective, but it actually doesn’t work like one at all on the system level… you will notice multiple redirects occurring on the user’s iOS device. This ultimately results in click fraud, with multiple verification chains and then finishing on an iOS game install, with in-app purchases available. The chain used in this process goes through several ad-tracking, verification, geolocation and, finally, campaign delivery steps. In this case, it downloads from the Apple store an iOS app called “POP! Slots,” a slot machine game.
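The Talos description above turns on one detail: the profile installs a Web Clip, a home-screen bookmark dressed up as an app icon, and nothing that could jailbreak anything. The following is an added example (my own code, not Talos's and not the article's) that parses a .mobileconfig with Python's standard plistlib and flags exactly that. It uses a constructed, unsigned sample profile embedded inline, not the real profile served by the fake site; the placeholder hostname, the identifiers and the function names triage_profile, is_signed and flag_profile are assumptions for illustration. The payload type com.apple.webClip.managed and the URL, Label, FullScreen and IsRemovable keys are Apple's Web Clip profile keys.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample for this example (not the real profile served by the fake
# site): a minimal unsigned .mobileconfig whose only payload is a Web Clip, the
# home-screen bookmark the article describes as a fake "app" icon. The hostname
# and identifiers are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadDisplayName</key><string>checkra1n</string>
  <key>PayloadIdentifier</key><string>example.fake-jailbreak.profile</string>
  <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000001</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>example.fake-jailbreak.webclip</string>
      <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000002</string>
      <key>Label</key><string>checkra1n</string>
      <key>URL</key><string>https://fake-jailbreak.example/start</string>
      <key>FullScreen</key><true/>
      <key>IsRemovable</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""

WEBCLIP_TYPE = "com.apple.webClip.managed"


def is_signed(data: bytes) -> bool:
    """Signed profiles are CMS (PKCS#7, DER) blobs; unsigned ones are plain XML or binary plists.

    Signing wraps the plist, so a signed profile does not start with a plist
    header. Unwrap a CMS blob first, e.g. with
    `openssl smime -verify -inform DER -noverify -in profile.mobileconfig`,
    and feed the inner plist to triage_profile().
    """
    head = data.lstrip()
    return not head.startswith((b"<?xml", b"<plist", b"bplist"))


def triage_profile(data: bytes) -> dict:
    """Parse a .mobileconfig and summarise what it would install on the device."""
    if is_signed(data):
        return {"signed": True, "display_name": None, "payload_types": [], "webclips": []}
    plist = plistlib.loads(data)
    payloads = plist.get("PayloadContent", [])
    webclips = []
    for payload in payloads:
        if payload.get("PayloadType") != WEBCLIP_TYPE:
            continue
        url = payload.get("URL", "")
        webclips.append({
            "label": payload.get("Label", ""),
            "url": url,
            "host": urlparse(url).hostname or "",
            # FullScreen hides Safari's address bar, so the user never sees the redirect chain.
            "full_screen": bool(payload.get("FullScreen", False)),
            # IsRemovable=false means the icon cannot be deleted without removing the profile.
            "removable": bool(payload.get("IsRemovable", True)),
        })
    return {
        "signed": False,
        "display_name": plist.get("PayloadDisplayName"),
        "payload_types": [p.get("PayloadType", "") for p in payloads],
        "webclips": webclips,
    }


def flag_profile(summary: dict) -> list:
    """Return human-readable reasons a 'jailbreak' profile should not be trusted."""
    reasons = []
    for clip in summary["webclips"]:
        reasons.append(f"installs a Web Clip (home-screen bookmark to {clip['url']}), not an app or a jailbreak")
        if clip["full_screen"]:
            reasons.append("web clip opens full-screen, hiding Safari's address bar and any redirects")
        if not clip["removable"]:
            reasons.append("web clip is marked non-removable")
    return reasons


if __name__ == "__main__":
    summary = triage_profile(SAMPLE_PROFILE)
    print("signed:", summary["signed"], "payload types:", summary["payload_types"])
    for reason in flag_profile(summary):
        print(" -", reason)
```

Run against a downloaded profile instead of SAMPLE_PROFILE and the same three findings (bookmark rather than app, full-screen, non-removable) are the tell-tale signs: a configuration profile can push settings, certificates and bookmarks, but it cannot exploit a boot ROM bug, so any "jailbreak" delivered this way is a lure by construction.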

The fact that Checkrain carries a LetsEncrypt SSL certificate lends the website credibility in the eyes of a casual visitor, but it is not something LetsEncrypt can or should “fix”: a domain-validated certificate only proves that whoever requested it controlled the domain name at the time, and it says nothing about whether the site is honest. LetsEncrypt has issued certificates to malicious websites before and will again, because the padlock was never an endorsement of the content behind it. It is likely that this, along with iPhone users not doing their homework on a website, has allowed a decent number of individuals to fall victim to this click-fraud scheme. According to Cisco Talos, the vast majority of victims of Checkrain appear to be localized to the United States. Other countries have been targeted by this scheme, however, including the United Kingdom, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, Netherlands, and Italy.

Take extra care when trying to jailbreak your iPhone: confirm you are on the real project’s site before installing anything, and treat any “jailbreak” delivered as a configuration profile or a home-screen bookmark as a scam, or you may wind up like these unlucky folks.

Miki Uchida
