Biometric Security Breached: iOS and Android Malware Utilizes AI to Defeat Face Recognition.
Cybersecurity researchers have discovered a new mobile trojan that literally looks to steal people’s faces to hack into their accounts.
The GoldPickaxe trojan steals biometric data and uses it to generate convincing deepfakes which can then be used to break into mobile banking applications, a report from Group-IB says.
GoldPickaxe is available for both Android and iOS, although the iOS version has fewer features due to the closed nature of that platform. Still, the existence of the iOS version marks a rare occasion of malware targeting Apple’s mobile operating system, the researchers said.
The group behind the malware started releasing trojanized smartphone apps in June 2023. The first version, GoldDigger, focused on getting banking credentials. The latest version, GoldPickaxe for Android and GoldPickaxe.iOS for iOS, first appeared in October of that same year. It captures data used for identity verification, including face biometrics.
Who’s being targeted?
For now, the GoldPickaxe iPhone trojan has been targeting users in Vietnam and Thailand (by mimicking more than 50 apps from financial institutions).
However, Group-IB says that the GoldPickaxe iOS/Android trojan and the previous GoldDigger and GoldKefu trojans “are in the active stage of evolution,” so it’s important to remain vigilant.
How is it distributed?
While the iPhone trojan was first found distributed through the iOS TestFlight beta testing system, Apple was able to shut that down (at least for now).
More recently, however, GoldPickaxe has been distributed through malicious iOS mobile device management (MDM) profiles.
As the threat evolves, its distribution mechanisms may change or multiply.
Effective Strategies to Safeguard Your Systems Against the ‘GoldPickaxe’ Malware
iOS Devices:
- Don’t install an iPhone app through Apple’s TestFlight unless you fully trust the developer and can verify it is legitimate.
- Install apps through the App Store, and even then, it’s best to verify the developer to make sure the app is what you think it is.
- Don’t install an iPhone MDM profile unless you fully trust the source and can verify it’s legitimate (e.g. comes directly from your IT administrator, place of work, trusted institution, etc.)
- Don’t share personal/sensitive information (including photos of yourself or ID cards) through phone calls, video calls, or other communication if a party reaches out to you.
- If you have concerns about a financial account, log in directly at the bank/institution’s website to check into the situation – don’t call numbers or click links that were sent to you.
- Keep your iPhone updated with the latest software from Apple – that now includes Rapid Security Response updates that arrive in between regular releases.
Android Devices:
- Scrutinize Links: Be cautious when clicking on links, especially those received via phishing or smishing messages. Verify the source before proceeding.
- Install Apps from Official Stores: Only download apps from official app stores (such as Google Play Store or Apple App Store). Avoid sideloading apps from unknown sources.
- Regularly Update Your Devices: Keep your operating system and apps up to date. Updates often include security patches that address vulnerabilities.
- Use Antivirus Software: Install a reputable antivirus app on your device. It can help detect and prevent malicious software like GoldPickaxe.
- Enable Two-Factor Authentication (2FA): Whenever possible, enable 2FA for an extra layer of security. This makes it harder for attackers to gain unauthorized access.
Keep in mind that proactive measures play a crucial role in fortifying your mobile devices against threats such as GoldPickaxe.