Thieves Use Cheap Tools from Telegram to Unlock Stolen iPhones
In a disturbing trend, a thriving underground marketplace on Telegram has been found selling unlocking tools and phishing infrastructure that help thieves monetize stolen iPhones.
The Illicit Market
This illicit market caters to the needs of thieves who seek to bypass Activation Lock and sell the devices on the black market.
The primary objective of the thieves is not to access the device’s sensitive data, but rather to obtain a quick profit by selling the device itself. The value of the data held within these devices is secondary to the value of the hardware.
The phishing sites used by these thieves are sophisticated, closely resembling Apple’s legitimate Find My service. These sites display the supposedly moving device on a spoofed map and request the phone’s passcode. If the owner enters it, the thieves gain complete control over the device.
Phishing Sites and Smishing Campaigns
Infoblox reports detecting over 800,000 Apple lookalike domains annually. Analysis of DNS characteristics tied to these domains revealed a cluster of related phishing pages using Apple lookalike domains. Further investigation uncovered more than 10,000 domains associated with the tools and phishing infrastructure.
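As a defender-side illustration of the lookalike-domain problem described above, the following added example (not Infoblox's method and not code from the report) flags Apple-themed lookalike names in resolver logs. The allowlist, brand keywords, character swaps, log format and sample domains are assumptions constructed for the example.

```python
import re

# Assumptions for this example: allowlist, brand keywords, character swaps.
LEGIT = {"apple.com", "icloud.com"}
BRANDS = ("apple", "icloud", "findmy")
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})
# Constructed resolver log lines: "<time> <client> <qname> <qtype>".
SAMPLE_LOG = """\
2025-01-01T10:00:01Z 10.0.0.5 www.apple.com A
2025-01-01T10:00:02Z 10.0.0.5 findmy-icloud.example A
2025-01-01T10:00:03Z 10.0.0.7 app1e-support.example A
2025-01-01T10:00:04Z 10.0.0.7 aplle.id-verify.example A
2025-01-01T10:00:05Z 10.0.0.9 apple.com.locate-device.example A
2025-01-01T10:00:06Z 10.0.0.9 weather.example A
"""

def edit_distance(a, b):  # Levenshtein distance using two rolling rows
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(qname):
    """Return why qname looks like an Apple lookalike, or None."""
    labels = qname.lower().rstrip(".").split(".")
    if ".".join(labels[-2:]) in LEGIT:  # simplification: no public-suffix list
        return None
    for token in re.split(r"[.-]", ".".join(labels[:-1])):
        norm = token.translate(SWAPS)  # undo digit-for-letter swaps
        for brand in BRANDS:
            if brand in norm:  # substring match is deliberately broad
                return f"brand '{brand}' in '{token}'"
            if len(norm) >= 5 and edit_distance(norm, brand) == 1:
                return f"'{token}' is one edit from '{brand}'"
    return None

def scan(log):
    """Return (client, qname, reason) for each flagged query."""
    hits = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and (reason := classify(parts[2])):
            hits.append((parts[1], parts[2], reason))
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Hits from a heuristic like this are triage leads rather than verdicts: the broad substring match will also flag unrelated names that happen to contain a brand keyword.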
The Offerings on the Telegram-Based Marketplace
- A Windows-based unlocking tool capable of automatically jailbreaking older iPhones and extracting identifying information from connected devices.
- “FMI OFF” (Find My iPhone Off) and “iCloud Webkit” services are marketed as phishing and smishing kits designed to convince legitimate owners to surrender their Apple account credentials and screen lock passcodes.
- Smishing campaigns that send targeted phishing messages to the owners of the stolen devices.
To unlock recent iPhone models, the thieves rely on smishing campaigns, which involve sending targeted phishing messages to the owners of the stolen devices. These messages often contain convincing login pages and prompts, making it difficult for the owners to distinguish them from genuine notifications from Apple.
The Cost of Unlocking Recent iPhones
The average cost to unlock a recent iPhone ranges from $5 to $50, with the majority of sellers charging below $10. However, some operators attempt to exploit demand by selling trojanized versions of unlocking tools or advertising supposed “zero-day” exploits that do not exist.
Researchers note that if such an exploit existed, its price would likely reach seven figures rather than a few hundred dollars.
Trojans and Phishing Templates
- Tool developers have created smishing templates impersonating Apple, Xiaomi, Samsung, and other brands.
- These templates can be customized using victim names, addresses, passcode length, spoofed iPhone map locations, and preferred languages to make phishing messages appear more credible.
Some tools contain mechanisms designed to detect DNS blocking and automatically request removal from Google Safe Browsing blocklists.
Rise in DNS Telemetry
Researchers observed a significant increase in DNS telemetry linked to verified smishing domains, rising by 350% in 2025 compared to the previous year.