What is the issue?
Researchers from Cisco Talos have found that scammers are using fake Checkra1n iOS jailbreak in a new click fraud campaign.
More details about the scam
Checkra1n is a recently developed iOS jailbreak tool that makes use of the Checkm8 jailbreak-enabling iOS bootrom exploit to modify the bootrom and load a jailbroken image onto the iPhone.
“The site even claims to be working with popular jailbreaking researchers such as ‘CoolStar’ and Google Project Zero’s Ian Beer. The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device,” researchers said.
Who are the targets?
This click fraud campaign primarily targets users in the US, followed by the UK, France, Nigeria, Iraq, Vietnam, Venezuela, Egypt, Georgia, Australia, Canada, Turkey, Netherlands, and Italy.
The checkm8 exploit only impacts iOS devices running on the A5 to A11 chipsets. The fake website used in this scam mentions A13-powered devices which is the first indicator of something dubious going on behind the scene. This shows that this website is not legitimate.
Additionally, this fake website claims that the user can install the checkra1n jailbreak without a PC, however, the checkm8 exploit actually requires the iOS device to be in DFU mode and is exploitable via the Apple USB cable.
Furthermore, the SSL certificate used on the fake chekra1n website is generated using LetsEncrypt. However, it should be noted that the legitimate checkra1n website does not use an SSL certificate.