A thriving underground ecosystem of software sellers is helping criminals unlock stolen iPhones and launch phishing attacks against their owners, according to research published in 2026 by cybersecurity firm Infoblox. The company has tracked dozens of groups selling unlocking tools — mostly targeting iPhones — and has linked more than 10,000 phishing websites to the activity. Traffic to those domains increased 350 percent last year.
The tools are available across the web and on Telegram on a pay-per-use basis, with an average cost below $10. Infoblox staff threat researcher Maël Le Touz says buyers appear to come from around the world and are typically operating at small scale. “Most of the people looking to unlock phones clearly don’t have thousands of phones in their hands,” Le Touz said.
The financial incentive is significant. Dan Guido, CEO of security firm Trail of Bits and a strategic adviser to mobile security firm iVerify, says a locked stolen phone may fetch only $50 to $200, but an unlocked one can be worth $500 to $1,000. That gap drives investment across multiple layers of a criminal supply chain, Guido said.
Phishing is a central part of that chain. After a phone is stolen, criminals send messages to the owner mimicking Apple’s Find My page — complete with a false map showing the device’s location — and prompt them to enter their PIN. The Swiss National Cybersecurity Center has noted that scammers can read the device’s model, color, and storage capacity directly from the phone to make these messages appear credible.
Will Lyne, head of economic and cybercrime at London’s Metropolitan Police, said phone thieves are after more than hardware. “They want access to bank accounts and personal information,” he said, citing one case involving four men who handled more than 5,000 stolen phones and used them to access financial accounts. London alone saw around 80,000 devices stolen in a single year.
Infoblox began investigating the unlocking economy after a law-enforcement contact in Asia reported their iPhone had been stolen and they subsequently received a phishing message designed to capture their iCloud credentials and remove the device lock.
Source: WIRED