Researchers discovered a Trojan for iOS that steals users’ biometrics
Group-IB researchers discovered the GoldPickaxe Trojan, which steals the biometric data of iPhone users. It is emphasized that criminals use this data to create deepfakes.
The GoldPickaxe Trojan attacked users in Thailand, where it is disguised as an application for using the country's public services. Victims of the attack were also recorded in Vietnam. The hackers began their activity in June 2023, and it continues to this day.
The malicious application asks users to register. To do so, they must take a photo of their ID card and make a scan of themselves. This data, as the researchers note, is used to create deepfakes. With them, attackers can pass checks in banking applications and in government services. In addition, the program intercepts SMS messages.
Initially, the Trojan was distributed through TestFlight, the iOS application testing system, which helped it bypass moderation in the App Store. After numerous complaints, the app was removed from the platform, and the hackers switched to social engineering techniques involving a profile for the company's mobile device management (MDM) system. With that profile in place, a program can be installed on the victim's smartphone.
Initially, the GoldDigger Trojan family existed only for Android smartphones. The attackers have since ported it to iOS and begun expanding the geography of their attacks. The Trojan is believed to be developed by the Chinese hacker group GoldFactory, which previously released phishing banking programs.
Group-IB researchers reported all known details to Apple representatives. The company published a detailed study on its blog.