Checkra1n is a project that utilizes the checkm8 exploit for jailbreaking iOS devices. There exists exactly one official site with instructions and downloads for jailbreaking your iOS device. These downloads include macOS and Linux binaries for jailbreaking your device while connected to your computer.

So what would many of you do if you heard of checkra1n and wanted to jailbreak your device? You would google it.


So what happens if you google it? If you google "checkrain" or "checkra1n", the first two or three results (like in the image above) include two different webpages that both seem legitimate at first sight when you follow the links.

Caution! Only the first result (https://checkra.in/) will bring you to the official website and is legitimate. The other result (https://checkrain.com/) is a scam website!

On this scam website, they trick you into visiting the site with your iOS device and downloading a malicious profile, so that they can then perform click fraud.

While this is already known to many people, and there are warnings about it on Reddit and BleepingComputer, it is still easy to fall for this trick if you are inexperienced and do not google whether the site is legitimate.

Also there is something new.

Now the scam site not only tries to trick you into downloading the malicious profile, but also tries to trick you into downloading a Linux binary. I did not analyze the binary because of time constraints, but a quick look at the strings tells you that there is an IPA file included. I compared the strings to the ones you find in the Linux binary from the official website and they seem to be similar.

So this binary is probably stolen from the official website, modified slightly, and will jailbreak your device successfully. However, your Linux device and your iOS device will probably be infected with malware. I also uploaded the malicious binary to VirusTotal and it is currently not detected as malicious by any antivirus system.
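The strings comparison described above can be scripted for static triage. The following is an added example, not code from the original post or from the checkra1n project: it extracts printable strings from a reference file and a suspect file, scores their overlap, lists strings that appear only in the suspect, and checks for an embedded IPA (an IPA is a ZIP archive with the app under `Payload/`). The function names and the sample bytes are constructed for illustration.

```python
import io
import re
import struct
import zipfile

def extract_strings(data: bytes, min_len: int = 6) -> set:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return {m.group().decode("ascii") for m in re.finditer(pattern, data)}

def embedded_zip_names(data: bytes) -> list:
    """Member names from every ZIP local file header found in the blob.
    An IPA is a ZIP archive whose app bundle sits under Payload/<name>.app/."""
    names, pos = [], data.find(b"PK\x03\x04")
    while pos != -1:
        if pos + 30 <= len(data):  # fixed part of a local file header is 30 bytes
            (name_len,) = struct.unpack_from("<H", data, pos + 26)
            names.append(data[pos + 30:pos + 30 + name_len].decode("utf-8", "replace"))
        pos = data.find(b"PK\x03\x04", pos + 4)
    return names

def triage(reference: bytes, suspect: bytes) -> dict:
    """Compare a suspect download against a copy obtained from the official site."""
    ref, sus = extract_strings(reference), extract_strings(suspect)
    union = ref | sus
    return {
        "similarity": len(ref & sus) / len(union) if union else 1.0,  # Jaccard index
        "only_in_suspect": sorted(sus - ref),  # strings to review first
        "ipa_embedded": any(n.startswith("Payload/") and ".app/" in n
                            for n in embedded_zip_names(suspect)),
    }

def constructed_sample():
    """Two constructed byte blobs standing in for real binaries (not real data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        z.writestr("Payload/Example.app/Info.plist", "<plist>constructed</plist>")
    common = b"\x7fELF\x00usage: tool [options]\x00waiting for device\x00" + buf.getvalue()
    return common + b"\x00", common + b"\x00CONSTRUCTED_EXTRA_STRING\x00"

if __name__ == "__main__":
    report = triage(*constructed_sample())
    print(f"string similarity: {report['similarity']:.2f}")
    print("embedded IPA:", report["ipa_embedded"])
    print("only in suspect:", report["only_in_suspect"])
```

A high similarity score does not mean the suspect file is safe: a slightly modified copy scores high by construction, so the strings found only in the suspect are the part to review.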


Always double-check whether a website is legitimate if you download something from it.


