The cybersecurity firm Group-IB has discovered a highly intrusive new trojan, named GoldPickaxe, that targets iPhone and iPad users. The trojan collects victims' facial recognition data with the aim of breaking into their bank accounts.
The discovery followed the identification of its Android predecessor, the GoldDigger trojan, in October 2023. The malware is built to capture the victim's face, and the attackers then use that footage to produce AI-generated deepfake imagery. Combined with intercepted SMS messages, these deepfakes are used to gain unauthorized access to the bank accounts of iOS users.
Initially, the trojan was distributed through Apple's TestFlight, a service that lets developers hand beta builds to testers and whose review is far lighter than the full App Store review. Once the app was removed from TestFlight, the attackers switched to a Mobile Device Management (MDM) profile route. MDM profiles are configuration profiles that enterprises normally use to manage employee devices; once a victim enrolls, the profile's issuer can push apps and settings to that device.
The attackers used these MDM profiles to lure individuals into installing apps from outside the App Store. Victims were also redirected to counterfeit web pages built to harvest their information, including SMS messages, identity documents, and facial biometric data. Notably, the attackers achieved this without touching the iPhone's own Face ID data: the biometric template used by Face ID never leaves the device's secure hardware, so the malware instead gets victims to record their own faces inside the malicious app, and that footage is what feeds the deepfakes.
The report indicates that the malware is evolving rapidly and that, at present, its targeting is focused primarily on users in Vietnam and Thailand.