Skip to Main Content
PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

Scammer Uses Fake iPhone Jailbreak for Fraud Scheme

The jailbreaking community is currently working on a legit tool for older iPhones, dubbed Checkra1n. But in the meantime, a scammer is capitalizing on that name with a website that pretends to offer the tool but is really just a click-fraud scam.

By Michael Kan
October 15, 2019
Apple iPhone 8

A scammer is using an upcoming iPhone jailbreaking tool to trick users into installing shady apps.

Last month, the iOS jailbreaking community rejoiced at the discovery of the checkm8 vulnerability, which promises to let iPhone owners modify the mobile OS and install unsanctioned third-party apps.

That community is currently working on tool, dubbed "Checkra1n," that'll enable a full iOS jailbreak for iPhone models from the 4s to the iPhone X. But in the meantime, a scammer decided to capitalize on the Checkra1n name by spoofing a website that pretends to offer the jailbreaking tool.

fake checkrain

The site can, found at checkrain[.]com, includes a button to download the Checkra1n software. But in reality, the site is trying to trick users into installing unrelated third-party apps for click fraud, according to researchers at Cisco's Talos security group.

To fool users, the checkrain[.]com site claims its been working with iOS jailbreaker "CoolStar," and even Google security researcher Ian Beer, on the jailbreaking tool. The site also claims Checkra1n will work on the latest iPhone models installed with the A12 and A13 processors and that it requires no connection to a PC—all false statements. (The checkm8 vulnerability only works on iPhone models with the A5 chip to the A11.)

If you do click on the fake site's download link, you'll be asked to install a "mobileconfig" profile on your iOS device that's disguised to look like a mobile app. "Once the app is downloaded and installed, a checkrain icon appears on the user's iOS springboard. The icon is in fact a kind of bookmark to connect on a URL," Talos security researchers Warren Mercer and Paul Rascagneres wrote in today's post.

Tapping on the fake Checkra1n icon will then bring up a web page that claims your device is installing the jailbreak. But in reality, the device is simply running some Javascript that shows a fake loading screen. At the end of the process, you will then be asked to install additional third-party apps to complete the jailbreak.

"The fake jailbreak process tells the user to have fun for seven days to ensure their unlock completes," Cisco's Talos security researchers said. "This is obviously nonsense—the user will merely provide more interactive sessions through the gameplay, which may result in additional revenue for this attacker."

Fortunately, the whole scheme is focused on click fraud and nothing more malicious. According to the researchers, the fake website was mainly targeting users in the US, Canada, and several European countries. The fake checkrain[.]com site also appears to still be up. However, visiting it can now trigger the Chrome and Safari browser to post a warning about the site's malicious nature. The real Checkra1n site is at checkra1n.com, but it has yet to post anything.

If you downloaded the fake checkra1n app, Cisco's blog post has details on how to remove it.

iPhone 11s confirmed to have Intel modems
PCMag Logo iPhone 11s confirmed to have Intel modems

Like What You're Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.


Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

Sign up for other newsletters

TRENDING

About Michael Kan

Senior Reporter

I've been with PCMag since October 2017, covering a wide range of topics, including consumer electronics, cybersecurity, social media, networking, and gaming. Prior to working at PCMag, I was a foreign correspondent in Beijing for over five years, covering the tech scene in Asia.

Read Michael's full bio

Read the latest from Michael Kan