Categories SecurityTech News

Checkrain fake iOS jailbreak site a menace to iPhone users

According to researchers at Cisco Talos Intelligence, there is a website that is capitalizing on a flaw in legacy iOS to trick iPhone users. The website, named Checkrain, promises to help users leverage the Checkm8 vulnerability to jailbreak their iPhone. In actuality, the only thing that users looking to jailbreak get from Checkrain is a nasty infection and a headache to follow in trying to clean their system.

Cisco Talos researchers state the following about the infection process in their blog post:

With this fake Checkrain[.]com iOS jailbreak, the user is asked to install a “mobileconfig” profile on their iOS device obtained from hxxps://Checkrain[.]com/checkra1n.mobileconfig note the SSL certificate used is LetsEncrypt generated certificate and also the name “checkra1n” is the real name of the available jailbreak. The real checkra1n website does not use an SSL certificate. This is another step the actor has most likely employed in an attempt to draw the user in.

Once the app is downloaded and installed, a Checkrain icon appears on the user’s iOS springboard. The icon is in fact a kind of bookmark to connect on a URL. This icon may look like an app from the user’s perspective, but it actually doesn’t work like one at all on the system level... you will notice multiple redirects occurring on the user’s iOS device. This ultimately occurs in click-fraud, resulting in multiple verification chains and then finishing on an iOS game install, with in-app purchases available. The chain used in this processes through several ad-tracking, verification, geolocation and, finally, campaign delivery. In this case, it downloads from the Apple store an iOS app called “POP! Slots,” a slot machine game.

The fact that Checkrain can leverage a LetsEncrypt SSL certificate lends credibility to the website which is, of course, a massive issue that devs at LetsEncrypt should fix. This is not the first, nor the last likely, time that LetsEncrypt has issued SSL certificates to malicious websites and this is a huge issue. It is likely that this, along with iPhone users not doing their homework on a website, has allowed a decent amount of individuals to fall victim to this clickjacking scheme. According to Cisco Talos, the vast majority of victims of Checkrain appear to be localized to the United States. Other countries have been targeted by this scheme, however, including the United Kingdom, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, Netherlands, and Italy.

Take extra care when trying to jailbreak your iPhone, else you wind up like these unlucky folks.

Featured image: Flickr/Miki Uchida

Derek Kortepeter

Derek Kortepeter is a graduate of UCLA and tech journalist that is committed to creating an informed society with regards to Information Security. Kortepeter specializes in areas such as penetration testing, cryptography, cyber warfare, and governmental InfoSec policy.

Published by
Derek Kortepeter

Recent Posts

Docker, Microsoft unveil easier way to deploy Azure containers

Docker and Microsoft have rolled out a new and easier way for developers to deploy…

7 hours ago

Improvements on the verify domain error in Office 365

The verify domain error when registering the same domain in Office 365 to a different…

11 hours ago

Using VMM to run scripts to manage remote Hyper-V hosts

When it comes to the bulk management of Hyper-V hosts (or of any Windows server,…

14 hours ago

Shiny Hunters hacking group breach Home Chef database

The Shiny Hunters hacking group has struck again. This time they hit meal-prep delivery company…

1 day ago

Review: Specops uReset Active Directory self-service password reset

Specops uReset is an Active Directory password reset solution to handle the problem of forgotten…

2 days ago

Reports say eBay port scanning incoming visitors. Why?

According to several reports, eBay may be port scanning visitors to its site. While this…

4 days ago