This new malware can literally steal your face and use it in fraud. Both Android and iOS devices are affected, so be on the lookout
Cybersecurity researchers have discovered a new mobile Trojan that literally wants to steal people’s faces to hack into their accounts.
The GoldPickaxe Trojan steals biometric data and uses it to generate convincing deepfakes that can then be used to break into mobile banking applications, according to a report from Group-IB.
GoldPickaxe is available for both Android and iOS, although it has fewer features for the latter due to the closed nature of iOS. Still, the existence of the iOS version marks a rare occasion where malware targets Apple’s mobile operating system, the researchers said.
Thailand and Vietnam in danger
In addition to stealing facial recognition data, GoldPickaxe also steals identity documents and intercepts text messages, giving it more than enough information to break into mobile banking applications. The final step – actually logging into the banking app and withdrawing money – does not happen on the targets’ devices. Instead, the crooks install banking apps on their own devices and log in from there, Thai police confirmed to investigators.
The experts believe that the group behind the Trojan is most likely GoldFactory, a Chinese-speaking threat actor known for building GoldDigger, GoldDiggerPlus and GoldKefu, all banking Trojans.
In this case, GoldFactory is targeting people in the Asia-Pacific region, with people in Thailand and Vietnam most at risk.
For the malware to work, the victim still needs to grant the relevant permissions. Therefore, the attackers pose as local banks and government organizations and engage in a multi-stage social engineering program to manipulate victims into granting all necessary permissions. They do not exploit vulnerabilities in Android or iOS to install the malware; it’s all just social engineering.
We don’t know exactly how many people are affected by this campaign, or how much money the hackers managed to steal with the malware.