Older iPhone users are warned not to jailbreak their devices. Security researchers at Cisco Talos recently discovered the latest targeted click fraud campaign of a fake website (checkrain[.]com), promising to help iPhone users to jailbreak their phones. In truth, the site uses this as a front to let iPhone users download malicious profile and fall prey to click fraud.

How To Avoid Scam Sites

iPhone users must always make sure not to download random profiles from the Internet. Installing configuration profiles from unknown sites must be avoided at all costs. These sites are used by the attackers to not only manage the settings of your device but also to take control of it, warns ethical hacker John Opdenakker.

iPhone users who do not really need to jailbreak their device, must not attempt to jailbreak it. Usually, jailbreaking is performed by security researchers, but they know what they are doing. And, unless you are 100 percent confident of what you are doing, its best to leave your iPhone alone.

However, for those who are eager to jailbreak their iPhones, it is essential that you do your research. Always check the sites where you get the software and ensure that aside from following instructions, you are also downloading the right payload.

What Is The Latest iOS/iPhone Scam?

The new malicious campaign leverages a fake site that assures users to help them jailbreak their iPhones with the aid of the recently revealed “checkra1n.” however, the real checkra1n, which was developed by security researcher axiOmX utilized the checkm8 vulnerability to alter the bootrom and load a jailbroken image onto the Apple iPhone. At a glance, the fake checkra1n website seems legit and even mentions the name of popular security researchers like CoolStar and Ian Beer of Google Project Zero.

However, the site shows strong indicators easily giving away that it is fake. One of these is the claim that the checkm8 exploit and checkrain1 can jailbreak iOS devices running on the A5 to A13 chipsets. In reality, these exploits can only affect devices on A5 to A11.

Any user visiting the website is suggested to install a mobileconfig profile on their iPhone or iOS devices. When the app is downloaded and installed, an icon appears on the iOS springboard. According to Cisco Talos, the icon is a sort of bookmark that connects the device on a URL.

While it may look like an app from the point of view of the iOS or iPhone users, the security researchers stated that it does not work that way at all on the system level. Additionally, it enables users to click the jailbreak app and seemingly prepare the iOS jailbreak. After the process is completed, the iOS or iPhone user will notice several redirects happening on their iOS device.

This results in multiple verification chains and ending on an iOS game install that comes with in-app purchases. The iPhone or iOS user is then advised to have fun for seven days to make sure that the unlock is completed. In reality, the user simply allows more interactive sessions via the gameplay, which results in added revenue for the attackers, security researchers said.