
Checkrain fake iOS jailbreak site a menace to iPhone users

According to researchers at Cisco Talos Intelligence, a website is capitalizing on a flaw in legacy iOS to trick iPhone users. The site, named Checkrain, promises to help users leverage the Checkm8 vulnerability to jailbreak their iPhone. In reality, the only thing users looking for a jailbreak get from Checkrain is a nasty infection, followed by the headache of cleaning up their device.

Cisco Talos researchers state the following about the infection process in their blog post:

With this fake Checkrain[.]com iOS jailbreak, the user is asked to install a “mobileconfig” profile on their iOS device obtained from hxxps://Checkrain[.]com/checkra1n.mobileconfig. Note that the SSL certificate used is a LetsEncrypt-generated certificate, and also that the name “checkra1n” is the real name of the available jailbreak. The real checkra1n website does not use an SSL certificate. This is another step the actor has most likely employed in an attempt to draw the user in.

Once the app is downloaded and installed, a Checkrain icon appears on the user’s iOS springboard. The icon is in fact a kind of bookmark to connect to a URL. This icon may look like an app from the user’s perspective, but it actually doesn’t work like one at all on the system level... you will notice multiple redirects occurring on the user’s iOS device. This ultimately ends in click-fraud, resulting in multiple verification chains and then finishing on an iOS game install, with in-app purchases available. The chain used in this process runs through several ad-tracking, verification, geolocation and, finally, campaign delivery steps. In this case, it downloads from the Apple store an iOS app called “POP! Slots,” a slot machine game.
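Because the “app” in the Talos description is nothing more than a web-clip bookmark delivered by a configuration profile, a profile can be inspected before it is ever installed. The following is an added example, not code from Cisco Talos or from this article: it parses a .mobileconfig (an XML plist) and reports any web-clip payloads, the URL each icon really opens, and whether the profile delivers anything other than bookmarks. The embedded profile is constructed for the example, and the domain checkrain.example is a placeholder, not the real site.

```python
import plistlib

# Constructed sample profile modelled on the behaviour described above: one
# web-clip payload that places a bookmark-style icon on the home screen.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>checkra1n</string>
  <key>PayloadIdentifier</key><string>com.example.checkrain</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>PayloadIdentifier</key><string>com.example.checkrain.webclip</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>Label</key><string>checkra1n</string>
      <key>URL</key><string>https://checkrain.example/start</string>
      <key>IsRemovable</key><false/>
    </dict>
  </array>
</dict>
</plist>
"""

WEB_CLIP = "com.apple.webClip.managed"  # payload type that creates a home-screen bookmark


def inspect_profile(data: bytes) -> dict:
    """Summarise what a .mobileconfig would actually do if installed."""
    profile = plistlib.loads(data)
    findings = {"display_name": profile.get("PayloadDisplayName"), "web_clips": [], "flags": []}
    payloads = profile.get("PayloadContent", [])
    for payload in payloads:
        if payload.get("PayloadType") == WEB_CLIP:
            clip = {"label": payload.get("Label"), "url": payload.get("URL"),
                    "removable": payload.get("IsRemovable", True)}
            findings["web_clips"].append(clip)
            # An icon that is really a bookmark to a remote URL is the trick described above
            findings["flags"].append(f"web clip '{clip['label']}' opens {clip['url']}")
            if not clip["removable"]:
                findings["flags"].append(f"web clip '{clip['label']}' cannot be removed by the user")
    # A "jailbreak" profile that carries only web clips delivers no app at all
    if {p.get("PayloadType") for p in payloads} <= {WEB_CLIP}:
        findings["flags"].append("profile installs nothing but web clips: no app is delivered")
    return findings


if __name__ == "__main__":
    print("\n".join(inspect_profile(SAMPLE_PROFILE)["flags"]))
```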

The fact that Checkrain can obtain a LetsEncrypt SSL certificate lends credibility to the website, which is, of course, a massive issue that the devs at LetsEncrypt should fix. This is not the first time, and likely not the last, that LetsEncrypt has issued SSL certificates to malicious websites, and that is a huge issue. It is likely that this, along with iPhone users not doing their homework on a website, has allowed a decent number of individuals to fall victim to this clickjacking scheme. According to Cisco Talos, the vast majority of Checkrain's victims appear to be located in the United States. Other countries have been targeted by this scheme as well, including the United Kingdom, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, the Netherlands, and Italy.

Take extra care when trying to jailbreak your iPhone, or you could wind up like these unlucky folks.

Featured image: Flickr/Miki Uchida

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

