In a significant shift from the perceived security of iPhones, cybersecurity experts are raising alarms about a new threat specifically designed to infiltrate iOS devices.
The GoldPickaxe Trojan, previously known to afflict Android users as GoldDigger, has evolved, extending its malicious reach to iPhone and iPad users.
This development challenges the long-held belief that iOS platforms offer superior protection against such threats.
GoldPickaxe marks a troubling advancement in cyber threats, targeting personal data on mobile devices across both major platforms.
Initially distributed through Apple’s TestFlight, the trojan has since adopted more sophisticated infiltration methods.
After being ousted from TestFlight, attackers resorted to social engineering strategies to persuade users to install a Mobile Device Management (MDM) profile.
This maneuver grants attackers complete control over the device, a tactic previously less common in the iOS ecosystem.
The primary objective of the GoldPickaxe Trojan is to harvest sensitive information, including facial recognition data, ID documents, and SMS content.
This information facilitates unauthorized access to banking and financial applications, posing a significant risk to personal finances.
Moreover, the collected biometric data opens the door to creating AI-generated deepfakes, which further increases the potential for identity theft and fraud.
Safeguarding against the GoldPickaxe Trojan necessitates heightened vigilance and adherence to cybersecurity best practices.
The GoldPickaxe Trojan is a cybersecurity threat that targets mobile devices, harvesting sensitive data to gain unauthorized access to financial applications and create AI-generated deepfakes for identity theft.
Initially distributed through Apple’s TestFlight, the GoldPickaxe Trojan now uses social engineering to persuade users into installing a Mobile Device Management (MDM) profile, granting attackers complete control over the device.
GoldPickaxe poses significant risks by harvesting personal data for unauthorized financial access and creating deepfakes, leading to potential financial loss and identity theft.
Users can protect against GoldPickaxe by scrutinizing links, installing apps from official stores, regularly updating their devices, using antivirus software, and enabling two-factor authentication.
Best practices include avoiding suspicious links, limiting interactions with unknown contacts, using official contact numbers for banking, and taking immediate action to secure accounts at signs of fraud.
Group-IB researchers have attributed this trojan to a single threat actor, codenamed GoldFactory, which is targeting devices predominantly located in the Asia-Pacific region.
“While the current evidence points to a particular focus on two APAC countries, there are emerging signs that GoldFactory’s geography of operations may be extended beyond Vietnam and Thailand,” the company added in its blog post.
Initially, the scammers who developed the GoldPickaxe.iOS trojan used Apple’s mobile application testing platform, TestFlight, to distribute malware.
However, when Apple detected the fraudulent activity and removed the malicious app from TestFlight, the hackers moved to using a multi-stage social engineering scheme to persuade victims to install a Mobile Device Management (MDM) profile.
This allowed the hackers to gain complete control over the victim’s device.
— It collects identity documents, SMS, and facial recognition data.
— It is available for both iOS and Android platforms. The trojan for Android devices is called GoldDigger Android Trojan and the one for iOS devices is called GoldPickaxe.iOS.
— This trojan can be used to gain unauthorised access to victims’ bank accounts.
— Group-IB’s researchers have identified a new variant of this malware named GoldDiggerPlus. This malware extends the functionality of GoldDigger and lets the scammers call their victims in real time.
While installing malicious apps and other phishing techniques are common methods for breaking into Android devices, breaking into iPhones is more difficult because of Apple’s tightly regulated ecosystem.
Nevertheless, astute hackers were initially able to spread the GoldPickaxe.iOS Trojan by successfully taking advantage of TestFlight, Apple’s mobile application testing infrastructure.
After being kicked out of TestFlight, the hackers used social engineering techniques to get victims to install a Mobile Device Management (MDM) profile, which gave them complete access to the iPhone that had been compromised.
The cybersecurity company Group-IB discovered a new GoldPickaxe variation, which it attributes to a lone threat actor called GoldFactory, who is responsible for creating both versions of the malware.
This variant is known as GoldDiggerPlus. The software has been modified to allow hackers to make live calls from compromised devices, adding a worrying new element to the ever-changing threat landscape.