Plus, new allegations in Iran and American hacking war
Roundup Here's your Register security roundup to kick off your week.
Malware hides as iOS jailbreak tool
The team over at Cisco Talos has spotted a clever bit of trickery being used by an iOS click fraud operation. Researchers say a piece of malware called "Checkrain" has been making the rounds spoofing a popular iOS jailbreaking tool called "checkra1n".
"The site even claims to be working with popular jailbreaking researchers such as “CoolStar” and Google Project Zero’s Ian Beer," Talos explains.
"The page attempts to look legitimate, prompting users to seemingly download an application to jailbreak their phone. However, there is no application, this is an attempt to install malicious profile onto the end-user device."
Fortunately, the operation doesn't do anything too destructive. The profile will pretend to perform the jailbreak, then run the phone through a number of affiliate links before finally installing a game. The attacker, meanwhile, would get an affiliate fee for the clickthroughs and game installs.
WordPress publishes security update
CMS app WordPress has posted its 5.2.4 update with a number of security fixes.
There's nothing too worrisome in the patch, mostly cross-side scripting and information disclosure flaws, but it is always worth updating your software.