An anonymous reader cites a report from BleepingComputer. A new iOS and Android Trojan named 'GoldPickaxe' uses a social engineering scheme to trick victims into scanning their faces and IDs. This is believed to be used to generate deepfakes for unauthorized bank access. The new malware discovered by Group-IB is part of a suite of malware developed by a Chinese threat group known as 'GoldFactory', which has been responsible for other malware strains including 'GoldDigger', 'GoldDiggerPlus', 'GoldKefu' and others. Group-IB analysts said they observed attacks primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam. However, the techniques used may be globally effective and are at risk of being adopted by other malware. […]
For iOS (iPhone) users, attackers initially directed targets to a TestFlight URL to install a malicious app, allowing them to bypass the normal security review process. Once Apple removed the TestFlight app, the attackers switched to luring the target into downloading a malicious mobile device management (MDM) profile that would allow the threat actor to take control of the device. Once the Trojan is installed on a mobile device in the form of a fake government app, it operates semi-autonomously in the background, capturing the victim's face, intercepting incoming SMS, requesting ID documents, and proxying network traffic through the infected device using "MicroSocks".
According to Group-IB, the Android version of the Trojan performs more malicious activities than the iOS version because of Apple's stricter security restrictions. Additionally, on Android, the Trojan uses over 20 different fake apps as cover. For example, GoldPickaxe executes commands on Android to access SMS, navigate the file system, click on the screen, upload the latest 100 photos from the victim's album, download and install additional packages, and display fake notifications. The use of victims' faces in bank fraud is Group-IB's speculation, based on the fact that many financial institutions added biometric checks to transactions over a certain amount last year, and corroborated by Thai police.