GoldPickaxe Trojan Steals iPhone Owners' Faces to Access Bank Accounts

Teacher
Biometrics has become a truly valuable resource for cybercriminals.

Cybercriminals have begun attacking iPhone owners with malware that steals 3D facial scans of victims and uses them to gain unauthorized access to bank accounts.

This became known from research by the cybersecurity company Group-IB. Its experts found that a Chinese hacker group called GoldFactory has been distributing infected smartphone apps since June 2023. The latest modification of their malware, GoldPickaxe, appeared in October.

GoldPickaxe targets Android devices, while GoldPickaxe.iOS targets iPhone devices. Fraudsters trick victims into going through a biometric identification procedure. The 3D scans obtained in this way are then used to bypass security in official applications of banks in Vietnam and Thailand.

The iOS version of the Trojan so far targets only Thailand, disguising itself as an application for receiving digital pensions from the government. However, it is suspected that the malware has also penetrated Vietnam. Recently, there have been reports of similar incidents involving the theft of tens of thousands of dollars.

According to Group-IB experts, GoldPickaxe.iOS is the first detected iPhone Trojan that simultaneously collects biometric data and user documents, intercepts SMS messages, and uses infected devices as proxy servers. The Android version has even more extensive functionality because the platform has fewer restrictions.

Although malware for Android is more widespread due to the ability to install apps from unofficial sources, the Trojan for the closed iOS ecosystem came as a particularly unpleasant surprise to cybersecurity experts.

In the case of Android, the attackers simply distributed a disguised GoldPickaxe through a fake Google Play store. But getting GoldPickaxe.iOS onto an iPhone required more sophisticated social engineering.

At first, hackers abused Apple's TestFlight beta platform. When this loophole was closed, the scammers came up with a different scheme. They convinced victims to install an MDM application for remote management using various tricks. This allowed the malware to be delivered unnoticed to infected devices. The first contact with victims was usually made through the popular Asian messenger LINE.

Having gained access to 3D facial scans, hackers used generative AI technologies to create realistic digital models. These models allowed them to bypass biometric protection in official banking applications and gain access to user accounts. In addition, fraudsters used stolen personal data and intercepted SMS messages to remotely control the finances of victims.