iPhone users beware! New iOS malware can steal face ID, bank account details

Apple’s iPhones are the go-to devices when it comes to security and data privacy. Apple fortifies its ecosystem by releasing frequent updates and fixing bugs, which if left unresolved can be exploited by hackers. Despite this, hackers have managed to engineer a trojan — first for iOS — that can not only steal users’ financial data but also their biometric data or their face ID data.

Researchers at a security research firm, Group-IB have found a trojan dubbed as ‘GoldPickaxe.iOS’ that is capable of collecting facial recognition data, identity documents, and intercepting SMS.  In a blog post, the researchers explained that ‘to exploit the stolen biometric data, the threat actor uses AI-driven face-swapping services to create deepfakes’. “This data combined with ID documents and the ability to intercept SMS, enables cybercriminals to gain unauthorised access to the victim’s banking account – a new technique of monetary theft,” the company wrote. While this trojan also has a version targeted at Android devices, it is the first time that a trojan has been engineered for iPhones.

Who is behind this trojan and who is it targeting?

The Group-IB researchers have attributed this trojan to a single threat actor, codenamed GoldFactory, and it is targeting devices predominantly located in the Asia-Pacific region. “While the current evidence points to a particular focus on two APAC countries, there are emerging signs that GoldFactory’s geography of operations may be extended beyond Vietnam and Thailand,” the company added in its blog post.

How does this trojan work?

Initially, the scammers who developed the GoldPickaxe.iOS trojan used Apple’s mobile application testing platform, TestFlight, to distribute malware. However, when Apple detected the fraudulent activity and removed the malicious app from TestFlight, the hackers moved to using a multi-stage social engineering scheme to persuade victims to install a Mobile Device Management (MDM) profile. This allowed the hackers to gain complete control over the victim’s device.

Key things we know about the iOS trojan

— It collects identity documents, SMS, and facial recognition data.

— It is available for both iOS and Android platforms. The trojan for Android devices is called GoldDigger Android Trojan and the one for iOS devices is called GoldPickaxe.iOS.

— This trojan can be used to gain unauthorised access to victims’ bank accounts.

— Group-IB’s researchers have identified a new variant of this malware named GoldDiggerPlus. This malware extends the functionality of GoldDigger and it lets the scammers to call its victims in real time.

How to protect yourself from GoldDigger trojan?

— Do not click on suspicious links received in emails, text messages, and social media posts.
— Download apps only from official platforms such as the Google Play Store and Apple App Store.
— Carefully review the requested permissions when installing a new application. Be careful if an app requests Accessibility Service.
— Do not add unknown people to your messengers.
— When contacting your bank, find and use their official contact number. Do not click on the bank alert/pop-up if you think your device has been infected.
— Lastly, if you believe you have been defrauded, contact your bank to freeze any bank accounts that your device has accessed.