iOS Breakthrough: First Trojan Steals Facial Recognition Data to Hack Bank Accounts

News, Security, Technology

Many individuals choose the best iPhones over Android devices primarily because of security reasons. It appears that the situation may be shifting with the recent discovery of a banking trojan specifically aimed at iPhone users.

You can open Table of Contents show

A recent report from Group-IB reveals that the Android trojan GoldDigger has been updated with enhanced features, allowing it to more effectively empty victims’ bank accounts. Discovered in October, a new variation of the trojan has been named GoldPickaxe, tailored for Android and iOS devices.

After being installed on a smartphone, GoldPickaxe is capable of gathering facial recognition data, identity documents, and intercepted text messages. This information is then used to facilitate the unauthorized transfer of funds from banking and financial applications. Unfortunately, the biometric data is later utilized to generate AI deepfakes that mimic victims and gain access to their bank accounts.

Currently, the GoldPickaxe trojan is specifically targeting victims in Vietnam and Thailand. Yet, like other malware campaigns, if this one is successful, the cybercriminals could potentially broaden their operations to target iPhone and Android users in the U.S., Canada, and other English-speaking nations.

For those with an iPhone or an Android device, here’s important information about a new banking trojan and tips to ensure iPhone users stay protected, especially since they may be unfamiliar with this type of threat.

TestFlight to Mobile Device Management

Android banking trojans are usually spread through malicious apps and phishing attacks, but it’s harder to get a trojan onto an iPhone because Apple’s ecosystem is more closed-off compared to Google’s. Once again, hackers have managed to find a way.

At the start of this malware campaign, the individuals responsible used Apple’s mobile application testing platform TestFlight to spread the GoldPixaxe.IOS trojan. Getting a malicious app onto Apple’s App Store is quite challenging, but it can be done by exploiting the iPhone maker’s TestFlight program. Initially successful during the campaign, the removal of the malicious app from TestFlight prompted the hackers to devise a more advanced method for spreading their iOS trojan.

After losing TestFlight access, the hackers convinced their victims to install a Mobile Device Management (MDM) profile through social engineering tactics. If you’re not familiar with it, MDM is a methodology and set of tools used by a business’ IT department to manage company phones, computers, and other devices. When a victim fell for the new tactic, the hackers gained complete control over their iPhone.

Group-IB reports that one threat actor known as GoldFactory has created both versions of the GoldPickaxe banking trojan. After publishing their initial research, the company’s security researchers found a new variant of the malware called GoldDiggerPlus. However, with the top streaming services, the addition of “plus” now allows hackers to make real-time calls to their victims on an infected device.

Considering the potential profitability of a banking trojan such as GoldDigger or GoldPickaxe, particularly when it can target both iPhones and Android phones, it is probable that we will continue to hear about this malware and the hackers responsible for it.

How to Protect iPhone from Malware?

What steps do you take now that your iPhone is susceptible to malware, similar to an Android phone? Thankfully, Apple is probably already aware of this trojan and is working on a solution. Here are some extra suggestions to assist in safeguarding you and your devices.

Firstly, avoid installing any apps via TestFlight. It’s simple to steer clear of this situation. You need to download TestFlight before installing any unapproved apps on your iPhone, as per Apple’s support document. Not many individuals have a personal connection with an app developer who might seek their assistance. Therefore, it’s advisable to decline if someone requests that you install TestFlight on your iPhone or iPad. Similarly, you can add an MDM profile to your iPhone. Only your employer should request this, and only if you have a company-issued iPhone.

Although there is no direct counterpart to the top Android antivirus apps for iOS because of Apple’s limitations on malware scanning apps, there is a solution. Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 are considered two of the top Mac antivirus software solutions. They allow you to perform malware scans on an iPhone or iPad, but only when the device is connected to a Mac using a USB cable. If you’re concerned about malware on your iPhone, this feature alone could justify signing up for either product.

If you are more vulnerable than other iPhone users, it could be a good idea to activate Lockdown Mode. This feature may limit the functionality of some apps. It’s important to activate Apple’s Stolen Device Protection to feel more secure in case your iPhone is stolen.

Malware targeting iPhones has become a real threat, but by following good cybersecurity practices and avoiding unnecessary risks, you can keep yourself and your devices protected from hackers.