This iOS Trojan Is Harvesting Facial-Recognition Data
A cybersecurity company has spotted what might be the first iOS Trojan that’s designed to steal facial-recognition data from users. The iOS malware, dubbed GoldPickaxe, has been targeting users in Thailand and possibly Vietnam, according to Group-IB, a cybersecurity provider based in Singapore. The malware will harvest biometric data, likely because banks and government agencies in Southeast Asia have been adopting facial-recognition scans to unlock customer access. “To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims,” Group-IB says in the report. “This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account—a new fraud technique, previously unseen by Group-IB researchers.”

(Credit: Group-IB)

The company has so far observed GoldPickaxe disguising itself as Thai government service apps, then asking users to photograph their ID card and undergo a facial scan. An Android version with even more capabilities was also uncovered. However, the malware isn’t circulating on official app stores, nor does it exploit any iOS vulnerabilities. Instead, its creators trick victims into installing the malicious app and then granting it the required configuration, including powerful device permissions, via Apple’s TestFlight or Mobile Device Management (MDM) profile system.


Group-IB also cites one incident in Vietnam that may be connected to the malware. Last month, a user in the country reported being tricked into a facial scan after someone posing as a government official told him to install a public service app that turned out to be fake. Group-IB suspects the malware comes from a Chinese hacking group, dubbed GoldFactory, that previously circulated numerous Trojans posing as Vietnamese banking apps. “Debugging strings in Chinese were found throughout all the malware variants and their C2 (command and control) panels were also in Chinese,” the security company says.
