Malware hides as iOS jailbreak, Sucuri is insecuri, and China is about to get even worse

Malware hides as iOS jailbreak, Sucuri is insecuri, and China is about to get even worse

Plus, new allegations in Iran and American hacking war


Roundup Here's your Register security roundup to kick off your week.


Malware hides as iOS jailbreak tool


The team over at Cisco Talos has spotted a clever bit of trickery being used by an iOS click fraud operation. Researchers say a piece of malware called "Checkrain" has been making the rounds spoofing a popular iOS jailbreaking tool called "checkra1n".


"The site even claims to be working with popular jailbreaking researchers such as “CoolStar” and Google Project Zero’s Ian Beer," Talos explains.


"The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device."


Fortunately, the operation doesn't do anything too destructive. The profile will pretend to perform the jailbreak, then run the phone through a number of affiliate links before finally installing a game. The attacker, meanwhile, would get an affiliate fee for the clickthroughs and game installs.


WordPress publishes security update


CMS app WordPress has posted its 5.2.4 update with a number of security fixes.


There's nothing too worrisome in the patch, mostly cross-side scripting and information disclosure flaws, but it is always worth updating your software.


Sucuri hit by DDoS flood


Web security provider Sucuri says earlier this week it had the tables turned when someone pointed a DDoS cannon at the company's own threat protection service.