A new vulnerability has been discovered that exists across legacy iOS hardware. While some have used it to jailbreak their devices, Cisco Talos recently discovered that cybercriminals have set up a fake website to capitalize on users trying to jailbreak their iPhones.
However, instead of actually jailbreaking a user's device, the site just prompts users to download a malicious profile that the attackers then use to conduct click fraud.
Checkm8 is a bootrom vulnerability that impacts all legacy models of the iPhone from the 4S through the X.
The campaign discovered by Cisco Talos tries to capitalize on a project called checkra1n, which uses the checkm8 vulnerability to modify an iPhone's bootrom and load a jailbroken image onto the device.
The checkm8 vulnerability can be exploited using an open source tool called “ipwndfu”, developed by axi0mX, but the attackers being tracked by Cisco Talos run a malicious website called checkrain.com that preys on users searching for the legitimate checkra1n project.
The fake checkrain site tries to appear legitimate by claiming to work with popular jailbreaking researchers such as “CoolStar” and Google Project Zero's Ian Beer.