Fake iOS Jailbreak Turns Apple Devices into Click Fraud Machines

Written by Bill Toulas
Last updated September 23, 2021

Malicious actors are already exploiting the recently disclosed “checkm8” vulnerability that affects almost all iPhones and iPads. As reported by Cisco Talos researchers, hackers are promoting a fake iOS jailbreak called “checkra1n”, promising to unlock people’s devices and bypass Apple’s restrictions. What happens instead are the modification of the BootROM and the installation of a new profile onto the victim’s device. While the actors could gradually take full control of the compromised device, for now, they are limiting themselves to making money out of click fraud activities that take place on it.

The website that hosts the malware is "checkrain[.]com", and internet security solutions have already blacklisted it. The website itself looks legit, and even includes images of renown developers who obviously have nothing to do with this project in reality. What the supposed jailbreak does after its installation is to abuse the “Apple Web Clip” function and load a web page to full screen without a search bar or a URL bar. The following video shows what steps the software takes in order to establish the deception.

The end result is not a jailbreak, but multiple redirects and verification chains, all part of click fraud activities. If you tried that and you ended up having the app called “POP! Slots” installed on your device, you have fallen victim to this malicious campaign. According to Cisco’s telemetry data, most of the victims are located in the United States, UK, France, Nigeria, Vietnam, Venezuela, Egypt, Georgia, Australia, Turkey, Netherlands, and Italy.

cisco map

Source: Cisco Talos blog

Remember, if your device is powered by A5, A11, and anything in between, you are vulnerable to checkm8 exploits. That said, the category of users who should be extra careful right now are those who are using older Apple devices. In general, Apple discourages its customers from downloading and installing jailbreaking tools, but their stance in not allowing its users any customization freedom is driving large numbers of people to trust software sources that shouldn’t be trusted. In our view, Apple has a responsibility for what is going on in their community right now, as they could easily eliminate these risks if they wanted to.

Do you have something to comment on the above? Let us know of your view in the section down below, or on our socials, on Facebook and Twitter.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: