GoldPickaxe Trojan Targets iOS and Android Users: Here’s What You Should Know and How to Stay Protected


Highlights

  • GoldPickaxe Trojan now targets both iOS and Android devices, compromising security.
  • Harvests sensitive data including facial recognition, ID documents, and SMS.
  • Utilizes sophisticated social engineering to gain device control.
  • Requires vigilant protection strategies including regular updates and two-factor authentication.

In a significant shift from the perceived security of iPhones, cybersecurity experts are raising alarms about a new threat specifically designed to infiltrate iOS devices.

The GoldPickaxe Trojan, previously known to afflict Android users as GoldDigger, has evolved, extending its malicious reach to iPhone and iPad users.

This development challenges the long-held belief that iOS platforms offer superior protection against such threats.

Understanding GoldPickaxe: A Dual-Threat to iOS and Android

How to keep your iPhone safe from malware

GoldPickaxe marks a troubling advancement in cyber threats, targeting personal data on mobile devices across both major platforms.

Initially distributed through Apple’s TestFlight, the trojan has since adopted more sophisticated infiltration methods.

After being ousted from TestFlight, attackers resorted to social engineering strategies to persuade users to install a Mobile Device Management (MDM) profile.

This maneuver grants attackers complete control over the device, a tactic previously less common in the iOS ecosystem.

The Risks of GoldPickaxe

Group-IB researchers discovered the GoldFactory trojans target the Asia-Pacific region

The primary objective of the GoldPickaxe Trojan is to harvest sensitive information, including facial recognition data, ID documents, and SMS content.

This information facilitates unauthorized access to banking and financial applications, posing a significant risk to personal finances.

Moreover, the collected biometric data opens the door to creating AI-generated deepfakes, which further increases the potential for identity theft and fraud.

How To Protect Against GoldPickaxe Trojan

This Malware Might Be Stealing Money From Bank Accounts Of iPhone Users

Safeguarding against the GoldPickaxe Trojan necessitates heightened vigilance and adherence to cybersecurity best practices.

  • Users are advised to scrutinize links in emails, text messages, and on social media, and to avoid clicking anything suspicious.
  • Install apps exclusively from the Google Play Store or Apple App Store, and examine the permissions an app requests during installation.
  • Further recommendations include limiting online interactions with unknown contacts, using official bank contact numbers for communication, and acting immediately to secure accounts at the first sign of fraud.
  • Regularly update the device’s operating system and apps to the latest versions.
  • These updates often include critical security patches that address vulnerabilities which could be exploited by trojans like GoldPickaxe.
  • Robust antivirus software on smartphones can provide an added layer of defense by detecting and neutralizing malware before it causes harm.
  • Enabling two-factor authentication (2FA) on all sensitive accounts adds a crucial barrier against unauthorized access, so that even if data is compromised, the potential for financial theft is significantly reduced.

FAQs

What is the GoldPickaxe Trojan?

The GoldPickaxe Trojan is a cybersecurity threat that targets mobile devices, harvesting sensitive data to gain unauthorized access to financial applications and create AI-generated deepfakes for identity theft.

How does GoldPickaxe infiltrate iOS and Android devices?

Initially distributed through Apple’s TestFlight, the GoldPickaxe Trojan now uses social engineering to persuade users into installing a Mobile Device Management (MDM) profile, granting attackers complete control over the device.

What risks does the GoldPickaxe Trojan pose to users?

GoldPickaxe poses significant risks by harvesting personal data for unauthorized financial access and creating deepfakes, leading to potential financial loss and identity theft.

How can users protect themselves from the GoldPickaxe Trojan?

Users can protect against GoldPickaxe by scrutinizing links, installing apps from official stores, regularly updating their devices, using antivirus software, and enabling two-factor authentication.

What are the best practices to safeguard against mobile trojans like GoldPickaxe?

Best practices include avoiding suspicious links, limiting interactions with unknown contacts, using official contact numbers for banking, and taking immediate action to secure accounts at signs of fraud.

Who is behind this trojan and who is it targeting?

The Group-IB researchers have attributed this trojan to a single threat actor, codenamed GoldFactory, and it is targeting devices predominantly located in the Asia-Pacific region.

“While the current evidence points to a particular focus on two APAC countries, there are emerging signs that GoldFactory’s geography of operations may be extended beyond Vietnam and Thailand,” the company added in its blog post.

How does this trojan work?

Initially, the scammers who developed the GoldPickaxe.iOS trojan used Apple’s mobile application testing platform, TestFlight, to distribute malware.

However, when Apple detected the fraudulent activity and removed the malicious app from TestFlight, the hackers moved to using a multi-stage social engineering scheme to persuade victims to install a Mobile Device Management (MDM) profile.

This allowed the hackers to gain complete control over the victim’s device.

What are the key things we know about the iOS trojan?

  • It collects identity documents, SMS, and facial recognition data.
  • It is available for both iOS and Android platforms. The trojan for Android devices is called GoldDigger Android Trojan and the one for iOS devices is called GoldPickaxe.iOS.
  • This trojan can be used to gain unauthorised access to victims’ bank accounts.
  • Group-IB’s researchers have identified a new variant of this malware named GoldDiggerPlus. This malware extends the functionality of GoldDigger and lets the scammers call their victims in real time.

How Does GoldPickaxe Attack iPhones?

While tricking users into installing malicious apps and other phishing techniques are common ways to compromise Android devices, compromising iPhones is harder because of Apple’s tightly regulated ecosystem.

Nevertheless, the attackers were initially able to spread the GoldPickaxe.iOS Trojan by taking advantage of TestFlight, Apple’s mobile application testing infrastructure.

After being kicked out of TestFlight, the hackers used social engineering techniques to get victims to install a Mobile Device Management (MDM) profile, which gave them complete access to the iPhone that had been compromised.
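The MDM-profile lure described here (and in the Understanding GoldPickaxe section above) works because an enrollment profile can hand a remote server broad management rights. As an added, constructed example that is not from the article or from Group-IB’s research, the following Python triages an unsigned .mobileconfig file and flags an MDM payload that enrolls against a server outside an assumed allowlist or requests every AccessRights bit; the sample profile, hostnames and allowlist are placeholders.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample of an unsigned iOS configuration profile (.mobileconfig)
# carrying an MDM enrollment payload. Every value is a placeholder, not an indicator.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Bank Security Update</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/server</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>"""

# Assumed allowlist: the only hosts the organisation's real MDM enrolls against.
TRUSTED_MDM_HOSTS = frozenset({"mdm.corp.example.com"})

# Sum of every AccessRights bit Apple defines for an MDM payload (0x1FFF = 8191):
# profile, passcode, erase, device/network/app queries, settings, app management.
ALL_ACCESS_RIGHTS = 0x1FFF


def triage_profile(raw: bytes, trusted_hosts=TRUSTED_MDM_HOSTS) -> list:
    """Return findings for a plain-XML .mobileconfig; an empty list means nothing flagged."""
    findings = []
    profile = plistlib.loads(raw)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue  # Wi-Fi, VPN, certificate payloads etc. are out of scope here
        host = urlparse(payload.get("ServerURL", "")).hostname or "<none>"
        if host not in trusted_hosts:
            findings.append(f"MDM enrollment to untrusted server: {host}")
        rights = int(payload.get("AccessRights", 0))
        if rights & ALL_ACCESS_RIGHTS == ALL_ACCESS_RIGHTS:
            findings.append("MDM payload requests all access rights (full remote control)")
    return findings


if __name__ == "__main__":
    for finding in triage_profile(SAMPLE_PROFILE) or ["no MDM findings"]:
        print(finding)
```

Signed profiles are CMS-wrapped and must be unwrapped before plistlib can read them; the check above assumes the plain XML form.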

The cybersecurity company Group-IB discovered a new GoldPickaxe variant, which it attributes to a single threat actor called GoldFactory, who is responsible for creating both versions of the malware.

This variant is known as GoldDiggerPlus. The software has been modified to allow the attackers to make live calls from compromised devices, adding a worrying new element to the ever-changing threat landscape.
