Jailbreaking your phone can lead to all sorts of issues, such as not getting important security patches or further opening up your device to attack. If you did want to take that risk, you first have to find somewhere to download a jailbreaking tool that actually works. With that in mind, a marketing firm is, presumably on behalf of some clients, trying to pay journalists to write articles that link to fake jailbreaking websites.
The sites are fake in that they are not the sites of the original jailbreak creators. There isn’t an immediate indication that the files they are linking to are malicious, but it still shows a deceptive and opportunistic side of someone trying to ride the wave of the jailbreaking community.
“Hi Admin / Advertising Team, Looking for a place to publish a paid guest post about iOS Jailbreaking,” Madusanka Premaratne, the co-founder of a marketing company, wrote in an email addressed to me and VICE’s sales team.
Premaratne’s company Insfra Technologies offers services such as search engine and app store optimization, helping its customers get better rankings on each respectively, according to the company’s website. The site also contains nonsensical industry buzz terms, such as “We use AI-based analytics & internal monitoring systems to analyze the digital performance.”
Know anything about fake jailbreaks? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.
Premaratne’s idea was that he would pay me to occasionally link back to a series of jailbreaking related websites, he said in a follow-up email. These include a knock-off version of the site for the “Yalu” jailbreak.
“It’s a domain name squatter,” iOS hacker Luca Todesco told Motherboard in an online chat when asked about the fake website, referring to someone who registers a domain name similar to another often to mislead web users. The fake domain uses the Yalu name and is a top result on Google.
Another of the websites Premaratne wanted to pay me to promote was one for an iOS 9 hack from the Taig jailbreak group. The problem, though, is that “Taig never released an iOS 9 jailbreak,” Todesco added.
After the initial publication of this piece, Premaratne responded to my follow-up email asking what the purpose of the paid articles was.
“This is for one of my clients. And we do strategic planning and marketing for them. And I highly appreciate if you can keep the details secret as I already saw your tweets. Hope you will understand the concerns and will not reveal any relationship between us and our clients,” he wrote.
Update: This piece has been updated to include more comment from Premaratne.
Subscribe to our new cybersecurity podcast, CYBER.