Infoblox researchers (Maël Le Touz and Elena Puga) describe a “thriving” underground ecosystem selling iPhone-focused unlocking tools and phishing kits across the web and Telegram. Infoblox tracked “dozens” of groups and linked more than 10,000 phishing websites to the activity; traffic to those look‑alike domains rose 350% last year. The services are sold pay‑per‑use, with an average price below US$10.

Phone theft has increased in recent years; for example, about 80,000 devices were stolen in London in a year. London’s Metropolitan Police cybercrime lead Will Lyne says thieves want not only the handsets but also bank access and personal data; in one case, four men were found handling more than 5,000 stolen phones and spending money from financial accounts accessed on the devices. Trail of Bits CEO Dan Guido estimates that a locked phone may be worth only US$50–US$200, but that unlocking it can raise its value to about US$500 or US$1,000, a roughly 2.5–20× uplift that strengthens the incentives behind a multi-level criminal supply chain.

The investigation began after an Asia-based law-enforcement contact received a phishing message following an iPhone theft, prompted by the alternative contact details displayed on the locked device. The link mimicked an Apple Find My page, with a fake map and a pop-up requesting the PIN. The Swiss National Cybersecurity Center similarly reports scam messages that include accurate device attributes (model, color, storage) read directly from the phone; with no known way to bypass the lock, social engineering is the practical route. Infoblox found that common toolsets combine tools claiming to jailbreak older devices and extract owner information, “Find My iPhone Off” phishing kits that capture account credentials, and scripts plus AI voice-calling software for phishing campaigns. Once access is obtained, the tools often wipe the device by default.

2026-05-15 (Friday) · 43c8b839e51008da22204e96104c71e27098731c