TLDR:
- A new trojan malware called GoldPickaxe captures facial data to break into bank accounts
- It intercepts text messages and uses social engineering to obtain privileged access to the device
GoldPickaxe is a new type of trojan malware discovered by Group-IB, designed to capture facial data for the purpose of breaking into bank accounts. It is an evolution of the existing GoldDigger malware and targets iOS and Android devices. The distribution of the malware is limited, as victims need to be lured into a multi-stage social engineering scheme to allow privileged access to their devices.
The malware captures facial biometrics so that the attackers can create deepfakes and defeat biometric logins. Although it currently focuses on iOS users, GoldPickaxe has not made it into the App Store; it has instead been distributed via Apple’s TestFlight app testing platform. The threat actors rely on social engineering to get targets to install a Mobile Device Management (MDM) profile containing the malware.
GoldFactory, the threat actor behind GoldPickaxe, has primarily targeted users in Vietnam and Thailand, with plans to expand to other countries. The malware does not breach Apple’s Face ID or Android’s facial recognition system but instead uses user pictures to approximate facial data. The group’s confidence scheme involves pretending to be a government authority to convince victims to install the malware.
To protect against such threats, security measures like endpoint detection and response (EDR) and runtime application self-protection (RASP) are recommended for mobile devices. It is also important to educate users about the dangers of downloading apps from non-official sources, and to use multi-factor authentication and encrypted communication. Keeping operating systems and applications updated with the latest security patches is also crucial.
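The distribution path described above (a TestFlight build, or an app pushed through an MDM profile the victim was talked into installing) is visible in a mobile fleet's app inventory. The following script is an added example, not code from Group-IB or from the article: it scans a constructed inventory export and flags apps that did not arrive through the official store, or that were installed by an MDM profile from an organisation the fleet does not actually use. The record format (`device_id`, `bundle_id`, `install_source`, `mdm_org`) and the trusted-organisation list are assumptions for the example.

```python
"""Flag app inventory entries whose install path matches the pattern described
in the article: TestFlight builds, sideloads, and apps delivered by an MDM
profile from an untrusted organisation. Record format is hypothetical."""

from dataclasses import dataclass

# Install sources that bypass the official app store review path
NON_STORE_SOURCES = {"testflight", "mdm_profile", "sideload"}


@dataclass(frozen=True)
class Finding:
    device_id: str
    bundle_id: str
    reason: str


def flag_risky_installs(records, trusted_mdm_orgs):
    """records: iterable of dicts with keys device_id, bundle_id, install_source
    and, for MDM-delivered apps, mdm_org (the organisation named in the profile).
    trusted_mdm_orgs: set of MDM organisation names the fleet legitimately uses.
    Returns a list of Finding objects; an empty list means nothing was flagged."""
    findings = []
    for rec in records:
        source = str(rec.get("install_source", "unknown")).lower()
        device = rec.get("device_id", "?")
        bundle = rec.get("bundle_id", "?")
        if source == "mdm_profile":
            # An MDM profile is only expected from the organisation that manages the fleet
            org = rec.get("mdm_org")
            if org not in trusted_mdm_orgs:
                findings.append(Finding(
                    device, bundle,
                    f"installed via MDM profile from untrusted org {org!r}"))
        elif source in NON_STORE_SOURCES:
            findings.append(Finding(
                device, bundle, f"installed via {source}, not the app store"))
        elif source == "unknown":
            # A missing source is itself worth a look: the inventory cannot vouch for it
            findings.append(Finding(
                device, bundle, "install source missing from inventory"))
    return findings


# Constructed sample inventory for the example (not real devices or apps)
SAMPLE_RECORDS = [
    {"device_id": "ios-001", "bundle_id": "com.example.bank",
     "install_source": "app_store"},
    {"device_id": "ios-002", "bundle_id": "com.example.govcheck",
     "install_source": "TestFlight"},
    {"device_id": "ios-003", "bundle_id": "com.example.idverify",
     "install_source": "mdm_profile", "mdm_org": "Unknown Authority"},
    {"device_id": "ios-004", "bundle_id": "com.corp.mail",
     "install_source": "mdm_profile", "mdm_org": "Corp IT"},
    {"device_id": "and-005", "bundle_id": "com.example.update",
     "install_source": "sideload"},
    {"device_id": "and-006", "bundle_id": "com.example.unknown"},
]

# Hypothetical: the one MDM organisation this fleet is actually enrolled with
TRUSTED_MDM_ORGS = {"Corp IT"}

if __name__ == "__main__":
    for f in flag_risky_installs(SAMPLE_RECORDS, TRUSTED_MDM_ORGS):
        print(f"{f.device_id} {f.bundle_id}: {f.reason}")
```

Run against the constructed inventory it reports four devices (the TestFlight build, the untrusted MDM profile, the sideload and the record with no source) and leaves the App Store app and the corporate MDM app alone. In practice the records would come from an MDM or EDR inventory export, and the trusted-organisation set from whoever administers the fleet.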