Fake iOS Checkra1n jailbreak site installs slot machine game, generates click-fraud revenue

Graham Cluley

Fake iOS jailbreak site installs slot machine game, generates click-fraud revenue

Fake iOS jailbreak site installs slot machine game, generates click-fraud revenue

It’s just a couple of weeks or so since a vulnerability was discovered in millions of older iPhones and iPads.

The Checkm8 iPhone boot ROM exploit allows anyone which physical access to your iPhone to jailbreak it within seconds.

And because the exploit takes advantage of a vulnerability in the iPhone’s secure boot ROM – a hardware area of the phone which cannot be changed through a software update – Apple aren’t able to roll out a patch for it.

Boffins at Cisco Talos are now warning that someone has created a website that promises to let owners jailbreak their iPhones using the Checkm8 exploit, but actually installs apps with the intention of earning click-fraud revenue for fraudsters. Apps installed through the process can include a slot machine game called PopSlots.

The website in question is called checkrain[.]com (I wouldn’t recommend going there), and poses as a project from the jailbreaking community called checkra1n (note the “1” in the name).

The bogus site encourages users to install a malicious configuration file.

Checkra1n

In a YouTube video, a Cisco Talos researcher demonstrates what happens if you visit the bogus website and follow its instructions, believing your iPhone will be jailbroken.

As the researchers explain in their blog post, at the moment the ruse is only being used for click fraud but the potential is clearly there for more malicious attacks.

Don’t install configuration profiles from untrusted onto your Apple iOS device, as it could allow an attacker to seize control of your iPhone or iPad.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.