The attack uses stolen credentials and fake face models to remotely access bank accounts.
A study by Group-IB has identified the first banking trojan to target iPhone users. GoldPickaxe, a new version of the Android trojan called GoldDigger, targets bank accounts. The malware is targeting users in Vietnam and Thailand. However, if successful, it could spread to users in the US, Canada and other countries.
GoldPickaxe works by using biometric scans and stolen identity documents to create fake facial models. These fake models allow attackers to download the targeted banking app on their own devices and remotely access victims' bank accounts using the stolen credentials together with the fake facial models.
The GoldFactory group uses several methods to carry out this attack. The attackers started by exploiting Apple's TestFlight platform. When this method was blocked, they moved on to a more sophisticated social engineering tactic: convincing users to enroll their devices in an MDM program.
According to Group-IB’s research, the threat actor behind the GoldPickaxe trojan is a person known as GoldFactory. This threat actor is responsible for developing both the Android and iOS versions of the trojan. A new variant called GoldDiggerPlus has also been discovered. This variant makes real-time calls to its victims on infected devices.
To protect against this new threat, users should not install apps from untrusted sources such as TestFlight or MDM profiles. Using trusted security software is also recommended. These precautions make iPhone users safer from malware.
Group-IB researchers emphasize the importance of a proactive and multifaceted approach to cybersecurity to prevent such attacks. As a result, various measures should be taken, such as raising user awareness and integrating modern security approaches.
Source: https://www.cioupdate.com.tr/haberler/ilk-ios-trojani-face-id-ile-banka-hesaplarina-siziyorlar/