





9





9 Shares

Checkm8 has emerged to be a real pain in the neck for Apple. Owing to the wide span of the effectiveness of this jailbreak for most iPhones and iPads, Checkm8 has become popular even before it reaches the hands of the people as a tool. And thus, just as with any other trend, the scammers acted quickly to abuse this chance too. Researchers have spotted the Checkrain scam fooling users who want to get their hands on the prolific Checkm8 jailbreak.

Checkrain Scam Spotted In The Wild

Researchers from Cisco Talos have discovered a new scam in the wild tricking iPhone users. They specifically discovered a click-fraud Checkrain scam that tricks users by impersonating the much-hyped jailbreak Checkm8.

As elaborated in a blog post, in this campaign, the scammers abuse the Checka1n tool that is still under development. They have even developed a website with the same name and spellings – the only difference being in the domain name. While the original tool is ‘Checkra1n’, the scammers have ‘Checkrain’ in their domain. Despite being a little different, it suffices to bluff an average user.

The exploit begins when someone visits ‘checkrain.com’. The site requires the user to download a “mobileconfig” profile. Following installation on the device, the scam app creates a shortcut on the users’ iOS springboard.

Clicking on this icon starts the app, where it displays a headless browser whilst abusing the Apple WebClip functionality that makes the users believe the app is running. It then shows numerous screens as it illustrates a so-called jailbreaking process.

The last step, however, ends up in a way that hints towards the scam. It asks the user to install two of the numerous legitimate iOS apps from the App Store, and reach level 8 to finish the jailbreak. Of course, this will leave the user playing games and the scammers making money.

The following video demonstrates the entire scenario.

Checkrain vs. Checkra1n

While both the scam and the real website seem similar, there are subtle differences between the two.

At first, the actual Checkra1n tool has the digit ‘1’ in it, and not the ‘I’. The scammers tried their best to make their site look legit, they even used SSL certification. However, the real Checkra1n website bears no SSL certificate.

Until the discovery, the scam had predominantly preyed on the users in the United States. Whereas, the researchers also noticed the campaign spreading in other regions too, including France, Venezuela, Vietnam, Iraq, Nigeria, Egypt, Turkey, Canada, Georgia, Australia, and the UK.

While the campaign presently aims at click-fraud, nobody knows when the scammers may start using it for other malicious activities too, such as MDM enrollment.

Although, visiting the site via desktop browser clearly warns the visitor (as shown below).

Thus, it is now relatively easy to stay away from this site. Still, to avoid any other scams in the future, users must know some Checkm8 facts.

It is not a single-click jailbreak process. Rather takes place in a series of steps.

The process essentially requires the iPhone to be in the DFU mode and requires an Apple USB cable for execution.

The actual jailbreak software (the Checkra1n tool) runs on a laptop or desktop, and not directly on the iOS device (unlike the claim made in this scam).

The Checkm8 jailbreak is only temporary and requires a re-jailbreak after every reboot.

Stay safe!