Cybersecurity Firm Uncovers iOS Trojan GoldPickaxe Targeting Facial Recognition Data in Southeast Asia

A cybersecurity firm has reported what it describes as a potentially groundbreaking iOS Trojan, reportedly built to steal facial recognition data from users.

Identified as GoldPickaxe, the iOS malware has been homing in on individuals primarily in Thailand, with signs that its reach may extend to Vietnam, according to Group-IB, a cybersecurity company headquartered in Singapore.

The motive behind this malware appears to be the acquisition of biometric data, a strategy possibly prompted by the increasing adoption of facial recognition checks by financial institutions and government bodies across Southeast Asia.

According to Group-IB's findings, the actors behind GoldPickaxe use AI-driven face-swapping tools to produce deepfakes in which the victim's face is replaced with their own. This tactic, which Group-IB researchers had not observed before, could allow unauthorized access to victims' financial accounts, introducing a new form of fraud into the cybersecurity landscape.

GoldPickaxe has been observed masquerading as genuine Thai government service applications, prompting users to submit photos of their identification cards and to complete facial scans.

An Android variant of the malware has also been found, with even more sophisticated functionality. Notably, GoldPickaxe does not spread through official app stores, nor does it exploit any vulnerability in iOS. Instead, the operators rely on social engineering to persuade victims to install the malicious application and then grant it extensive permissions, with installation carried out through Apple's TestFlight or through Mobile Device Management (MDM) profiles.

Group-IB recounts an incident in Vietnam, potentially linked to the malware, in which a user was tricked into a fraudulent facial scan after being contacted by someone posing as a government official, who instructed them to install a counterfeit public service application.

Group-IB attributes GoldPickaxe to a Chinese-speaking hacking group it calls GoldFactory, known for distributing numerous Trojans disguised as Vietnamese banking applications. The company bases this connection on the presence of Chinese-language debugging strings across all malware variants and on the use of Chinese in the group's command-and-control infrastructure.

Photo: DIW - AIgen
