First-Ever Trojan in iOS Discovered, Stealing Face ID Data for Bank Account Intrusion
Austin JayIn the ever-evolving landscape of cybersecurity threats, iPhone users face a new adversary: GoldPickaxe. Originating as an Android trojan known as GoldDigger, this sophisticated malware has undergone significant modifications, becoming the first banking trojan tailored to exploit iOS devices.
Recent findings by Group-IB shed light on the trojan's enhanced capabilities, marking a concerning development in cross-platform cyber threats.
GoldPickaxe, a refined iteration of GoldDigger, has emerged as a potent threat to Android and iOS users. Initially discovered in October, the trojan has since evolved, earning its name due to its newfound capacity to extract valuable information from victims. Once installed on an iPhone or an Android device, GoldPickaxe engages in malicious activities, collecting sensitive data such as facial recognition information, identity documents, and intercepted text messages. These ill-gotten details are then employed to facilitate unauthorized access to victims' financial and banking applications.
One of the significant technological scares in the Trojan situation is its incorporation of biometric data as potential AI-driven deepfake generators. Criminals can invent realistic voices of the victims to get past the bounds of security systems and accomplish illegal entries into bank accounts.
The cross-platform tactfulness of GoldPickaxe presents a detrimental threat to people regardless of the device (Android and iOS) since the troops' complexities deliver flexibility across systems.
Currently, GoldPickaxe's primary concern is victims in Vietnam and Thailand. Nevertheless, although cybersecurity experts may have a different opinion about this, they say that containing these hackers' resources could only spur them to broaden their operations.
Countries that use English as their official language, like the USA and Canada, could see more of this kind of banking trojan if actions are not taken to stop it.
Also Read: AI Security Pact: US, UK, And Other Countries Sign 'Secure By Design' Agreement
Unlike Android trojans, which commonly leverage malicious apps and phishing attacks, infiltrating iPhones proves more challenging due to Apple's closed ecosystem.
During the initial stages of the GoldPickaxe campaign, hackers exploited Apple's TestFlight platform, a tool for testing applications. This allowed the distribution of the GoldPixaxe.IOS trojan. Yet, the hackers pivoted to more sophisticated tactics as security measures caught up.
With TestFlight access revoked, the cyber criminals turned to social engineering, convincing victims to install a Mobile Device Management (MDM) profile. Businesses' IT departments typically use MDM to manage company devices, providing a gateway for complete control over targeted iPhones. The adaptability of hackers underscores the persistence and ingenuity employed to bypass Apple's stringent security protocols.
The creation of this malware is a pointer to the constant evolution of mobile threats, with attacks spreading to areas that were once considered immune to Android threats. iPhone users are there, before now, at risk of falling victim to these cybercriminals' activity.
Apple may contribute to the solution as the company seeks the problem. At the same time, users need to be very careful regarding cyber security to secure their devices and personal data. By being aware of pitfalls, following security regulations, and exploring the available tools, users can consolidate their iPhones against iOS threats, developing an inexhaustible way to protect themselves from the constantly changing digital threats.
Related Article: Apple's 'NameDrop': Convenient Contact Swapping Or Security Concern?
most read
related stories
more stories from News
MediaTek introduces the Dimensity 7300 and 7300X chipsets, offering enhanced gaming, advanced photography, and improved power efficiency for mid-range smartphones. Featuring a 4nm process, 4x Arm Cortex-A78 cores, and MediaTek HyperEngine optimizations, these chipsets set new standards for performance and connectivity.
ernest hamiltonInstagram introduces a new feature to limit interactions with non-close friends, enhancing privacy and safety for users by allowing control over comments, DMs, tags, and mentions.
ernest hamiltonDiscover Scuf's latest innovation, the Nomad controller, designed to revolutionize mobile gaming with full-size, drift-free sticks, customizable paddles, and ergonomic design. Preorder now and experience pro-level gaming on your smartphone!
ernest hamiltonOver 90 malicious Android apps, including the Anatsa banking trojan, were found on Google Play with 5.5 million installs. These apps use sophisticated evasion tactics to steal sensitive information and perform on-device fraud. Read more on how these threats infiltrate devices and what steps you can take to protect yourself.
ernest hamiltonA newly discovered iOS exploit allows developers to create animated app icons by bypassing Apple's restrictions. Researcher Bryce Bostwick demonstrates how to suppress user alerts and enable background icon changes, raising questions about potential impacts on user experience and device performance.
ernest hamiltonDiscover the cutting-edge features and specifications of the upcoming Oppo Pad 3, set to redefine the landscape of flagship tablets. From its powerful Snapdragon 8 Gen 3 chipset to its stunning 3K display and innovative camera capabilities, explore how Oppo is poised to revolutionize user experience. Stay tuned as we delve into the details of this highly anticipated release, promising unparalleled performance and craftsmanship.
ernest hamiltonGet ready for Apple's WWDC 2024 as the tech giant prepares to reveal groundbreaking updates to iOS, macOS, iPadOS, watchOS, and visionOS. Expect enhanced AI integration, hardware advancements, and developer insights at this year's conference.
ernest hamiltonDiscover the latest from Poco with a comprehensive comparison of the F6 and F6 Pro. Explore their performance, display, charging capabilities, and pricing to find out which flagship smartphone suits you best.
ernest hamilton