Security News

Fake iPhone jailbreaking scam sends users to click-fraud site

Avast Security News Team, 18 October 2019

Plus, a botnet could use your PC for sextortion scams, malware is found in audio files, and a cryptojacking worm has burrowed through 2,000 systems and counting.

The iPhone jailbreaking community is currently at work on a new jailbreak tool called Checkra1n, and a current scam pretending to offer the software baits users to a click-fraud site instead. PC Mag reported that Checkra1n is still in development and when ready will allow users to jailbreak their iPhones using the recently discovered checkm8 vulnerability. Jailbreaking an iPhone lets users modify the OS and install otherwise forbidden third-party apps. The scammer has created a malicious website called checkrain that claims users can download the tool. Clicking the download button, however, only installs a phony app on the users’ phones. When they open the app, it secretly takes them to a website that runs a misleading animation, making it look like the jailbreak tool is being installed on their device. At the end of the animation, users are presented with a run of third-party apps and prompted to install at least two of them to “finalize” the software download. For every third-party app users click, the scammer makes money. Users ultimately do not receive any jailbreaking software from the process. Avast Security Evangelist Luis Corrons says the entire operation is a bad idea. “Apart from the scams, jailbreaking an iPhone, although tempting for some users, is risky. It removes a number of fail-safes built into iOS that protect users and their phones from attacks.” 

Botnet can send 30,000 sextortion emails an hour from one PC 

Researchers have discovered that a decade-old botnet has a new function that enables it to send millions of phishing emails – specifically sextortion threats – from just one hijacked PC. The Phorpiex botnet, also known as Trik, is a worm that infects PCs through phishing emails, then downloads more payloads of malware from its command-and-control center. Bleeping Computer reported that while the Phorpiex botnet executes a myriad of malicious operations from the hijacked systems, a newly added malware uses each PC to send about 30,000 sextortion emails every hour. In a sextortion threat, the attacker claims to have a video recording of the user viewing an adult video, alleging that the video was captured with the user’s own webcam. The attacker then extorts a Bitcoin payment in return for not sending the video to the user’s contacts. According to Bleeping Computer, sextortion scams have swindled almost $100,000 out of users since April. “More than a decade ago botnets flooded the Internet with spam messages,” says Avast’s Corrons. “Nothing has changed since then, other than the addition of sextortion we have warned about a number of times.” 

This week’s stat 

Throughout 2018, researchers observed an average of over 100 million bogus sign-on attempts a day to online accounts, including three days where the attempts topped 250 million a day. Read more

Attackers hide malware in WAV audio files

Cybersecurity experts have observed a trend where attackers plant malware in WAV files, ZDNet reported. The word for this kind of ruse is steganography, the act of hiding information in another medium. Researchers noted that the goals of these attacks vary from international cyber-espionage to cryptomining. In order to pull the malware from the WAV file and activate it, the computer system must already be infected with other malware programmed to do so. Developing steganography files is a sophisticated procedure that takes a high level of skill and knowledge. Experts worry that, as it becomes more familiar to hackers, these attacks will soon become commoditized like ransomware. The key to avoiding this kind of attack, ZDNet advised, is to ensure that the initial malware needed to activate the steganography never makes it onto one’s system in the first place. 

This week’s quote

“I’ve never seen or heard of anything like this.” – Police Lt. Ryan Gagnon of Auburn Hills, Mich., on an electronic billboard hacked to play porn. Read more about the good, the bad, and the ugly of Cybersecurity Awareness Month. 

2,000 Docker hosts infected with cryptojacking worm

A new Dark Reading report describes a cryptojacking attack that has wormed its way through 2,000 Docker software container hosts used by companies across China, the U.S., and Ireland. Researchers discovered that the malware, known as the Graboid worm, is rudimentary but effective. It searches for company systems that are not properly secured, then infects them easily and uses them to mine the cryptocurrency Monero. Experts urge all companies that have their systems connected to the internet to limit the outside parties that have access to their Docker hosts. 

This week’s ‘must-read’ on The Avast Blog

Before you charge into the big sales of holiday shopping season, prepare for Black Friday with our guide to easy and safe online shopping.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.