A new malware threat targets iPhone users by stealing their biometric data and using it to impersonate them to their banks. The trojan, named GoldPickaxe, is the first of its kind known to infect iOS devices and has been spreading through malicious apps and configuration profiles. Here is how you can protect yourself from this attack.
What is GoldPickaxe and how does it work?
GoldPickaxe is a banking trojan that was discovered by security firm Group-IB, which believes it is the world’s first iOS trojan. The malware is an evolution of an Android trojan called GoldDigger, which surfaced last year and could steal biometric data and other information from victims to compromise their bank accounts.
GoldPickaxe can infect both Android and iOS devices, but it is more sophisticated and dangerous on the latter. Once installed on an iPhone, the trojan can collect the user’s facial recognition data and photos, intercept SMS text messages, and relay web traffic through the device. In some cases, victims are also contacted by the attackers posing as bank representatives and asked for information such as pictures of ID cards. With AI-based face-swapping tools, the threat actors can then turn the captured face data into deepfakes that pass a bank’s facial verification, and take over the victim’s account.
Who is behind GoldPickaxe and who is being targeted?
Group-IB’s investigation points to a single threat actor, codenamed GoldFactory, as the mastermind behind both GoldPickaxe and its predecessor. The discovery of a new variant, GoldDiggerPlus, adds another layer of complexity, enabling real-time calls to victims on infected devices.
For now, the GoldPickaxe trojan has been targeting users in Vietnam and Thailand, by mimicking more than 50 apps from financial institutions. However, Group-IB warns that the GoldPickaxe iOS/Android trojan and the previous GoldDigger and GoldKefu trojans “are in the active stage of evolution” and could expand their operations to include English-speaking countries such as the U.S. and Canada.
How is GoldPickaxe distributed and how to protect yourself?
GoldPickaxe was first found being distributed through Apple’s TestFlight beta testing platform; Apple was able to shut that channel down (at least for now). The latest evolution is distribution through malicious iOS mobile device management (MDM) profiles, which hand a remote server management control over the enrolled device, including the ability to install apps outside the App Store.
To protect yourself from this trojan, you should follow these simple steps:
- Don’t install an iPhone app through Apple’s TestFlight unless you fully trust the developer and can verify it is legitimate
- Install apps through the App Store, and even then, it’s best to verify the developer to make sure it is what you think it is
- Don’t install an iPhone MDM profile unless you fully trust the source and can verify it’s legitimate (e.g. comes directly from your IT administrator, place of work, trusted institution, etc.)
- Don’t share personal/sensitive information (including photos of yourself or ID cards) over phone calls, video calls, or any other channel when the other party initiated the contact
- If you have concerns about a financial account, log in directly at the bank/institution’s website to check into the situation – don’t call numbers or click links that were sent to you
- Keep your iPhone updated with the latest software from Apple – that now includes Rapid Security Response updates that arrive in between regular releases
- Stay tuned to reliable sources of information and security updates, such as 9to5Mac and Group-IB
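The MDM-profile advice above is easier to follow if you can see what a profile actually asks for before tapping Install. A .mobileconfig file is an XML property list, so its payloads can be listed offline with nothing but Python’s standard library. The script below is an added example written for this article, not code from 9to5Mac or Group-IB: the sample profile it inspects is constructed for the demo (it is not a real GoldPickaxe artifact), the payload type identifiers are Apple’s documented ones, the risk notes are this example’s own assessment, and the `openssl smime` hint for signed profiles is an assumption about the reader’s tooling.

```python
"""Triage an iOS configuration profile (.mobileconfig) before installing it.

Added example for the article above, not the article's or Group-IB's code.
The sample profile is constructed for the demo; payload type identifiers
are Apple's documented Configuration Profile types.
"""
import plistlib
from urllib.parse import urlparse

# Payload types that hand a third party control over the device or its traffic.
# The one-line risk notes are this example's own assessment.
RISKY_PAYLOADS = {
    "com.apple.mdm": "MDM enrollment: a remote server can manage the device and push apps",
    "com.apple.security.root": "installs a trusted root CA: enables TLS interception",
    "com.apple.security.pkcs12": "installs a certificate with its private key",
    "com.apple.proxy.http.global": "global HTTP proxy: routes all web traffic through a third party",
    "com.apple.vpn.managed": "VPN configuration: can route all traffic through a third party",
    "com.apple.webClip.managed": "home-screen web clip: a fake 'app' that is really a website",
}

# Constructed sample: an MDM enrollment profile that also installs a root CA,
# dressed up as a bank security update. Hostnames and UUIDs are placeholders.
SAMPLE_PROFILE = {
    "PayloadType": "Configuration",
    "PayloadVersion": 1,
    "PayloadIdentifier": "com.example.bankapp.profile",
    "PayloadUUID": "0B1E7C1E-0000-4000-8000-000000000001",
    "PayloadDisplayName": "Bank Security Update",
    "PayloadOrganization": "Example Bank",
    "PayloadRemovalDisallowed": True,
    "PayloadContent": [
        {
            "PayloadType": "com.apple.mdm",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.bankapp.mdm",
            "PayloadUUID": "0B1E7C1E-0000-4000-8000-000000000002",
            "ServerURL": "https://mdm.update-check.example/devicemanagement",
            "CheckInURL": "https://mdm.update-check.example/checkin",
            "Topic": "com.apple.mgmt.External.placeholder",
            "AccessRights": 8191,  # every management right
        },
        {
            "PayloadType": "com.apple.security.root",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.bankapp.ca",
            "PayloadUUID": "0B1E7C1E-0000-4000-8000-000000000003",
            "PayloadContent": b"\x30\x82\x00\x00",  # placeholder, not a real DER certificate
        },
        {
            # Benign payload type, included so the triage shows it is ignored.
            "PayloadType": "com.apple.wifi.managed",
            "PayloadVersion": 1,
            "PayloadIdentifier": "com.example.bankapp.wifi",
            "PayloadUUID": "0B1E7C1E-0000-4000-8000-000000000004",
            "SSID_STR": "ExampleBank-Guest",
        },
    ],
}


def sample_profile_bytes() -> bytes:
    """Serialize the constructed sample exactly as it would sit on disk."""
    return plistlib.dumps(SAMPLE_PROFILE)


def load_profile(data: bytes) -> dict:
    """Parse a .mobileconfig. A CMS-signed profile is DER (first byte 0x30),
    so the plist has to be extracted from the signature envelope first."""
    if data.startswith(b"\x30"):
        raise ValueError(
            "profile is CMS-signed; extract the plist first, e.g. "
            "openssl smime -inform DER -verify -noverify "
            "-in profile.mobileconfig -out profile.plist"
        )
    return plistlib.loads(data)


def triage_profile(profile: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    org = profile.get("PayloadOrganization", "no organization named")
    if profile.get("PayloadRemovalDisallowed"):
        findings.append("profile cannot be removed by the user (PayloadRemovalDisallowed)")
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "?")
        if ptype in RISKY_PAYLOADS:
            findings.append(f"{ptype}: {RISKY_PAYLOADS[ptype]}")
        if ptype == "com.apple.mdm":
            host = urlparse(payload.get("ServerURL", "")).hostname or "?"
            findings.append(f"MDM server host is {host}; check it belongs to '{org}'")
            if payload.get("AccessRights", 0) == 8191:
                findings.append("MDM AccessRights=8191 grants every management right")
    return findings


if __name__ == "__main__":
    for line in triage_profile(load_profile(sample_profile_bytes())):
        print("-", line)
```

Run it against a real file with `load_profile(open("profile.mobileconfig", "rb").read())`. The point of the MDM host check is that the server named in the profile, not the display name or the organization string, is who ends up controlling the phone: a profile claiming to come from your bank but enrolling you with an unrelated domain is exactly the pattern to refuse.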
By following these precautions, you can avoid falling victim to GoldPickaxe, the first iOS banking trojan, and keep your data and money safe.