I am sure that you remember Alexei Borodin, the Russian hacker who managed to come up with an in-app purchase bug that allowed users to exploit each and every application found in the Store and virtually purchase any item or service for free. After thousands of apps had been hacked and companies fooled out of hundreds of dollars, Apple finally fixed the bug with a patch, and a workaround for iOS was developed.
Now Borodin has returned with a service called “In-Appstore for OS X”, which uses a method very similar to the one previously developed for iOS to spoof transactions made to Apple’s servers.
Although the root of the hack is the same on both systems, there are some variations integrated for Mac OS X.
First of all, the user must install two local certificates and point their computer’s DNS settings at Borodin’s servers, one of which pretends to be the Mac App Store and issues verifications for any purchase, without the user actually paying for anything.
All of this is done with a simple app called Grim Receiper, which the user installs on the local machine.