Criminals Stealing iPhone Users’ Facial Data to Hack Bank Accounts


Singapore-based cybersecurity firm Group-IB has uncovered a potential threat to iOS users in the form of GoldPickaxe, the first-ever iOS Trojan designed to steal facial data from users. The malware has been highlighted as a significant risk, primarily affecting users in Thailand and Vietnam. GoldPickaxe also has an Android version.

This Trojan relies on AI to steal facial data

What sets this Trojan apart is its use of AI face-swapping services, which allow cybercriminals to create deepfakes by replacing victims’ faces with their own. This alarming technique introduces a new and potent threat to victims’ bank accounts.
It is important to note that the Trojan does not exploit any vulnerabilities in the iPhone’s operating system. According to the report, the Trojan pretends to be the official Thai government service app, tricking victims into submitting photos of their ID cards and facial scans.
The report mentions that GoldPickaxe.iOS is distributed through Apple’s TestFlight or by social-engineering victims into installing an MDM profile.

Potential link to the Chinese hacking group

In the report, Group-IB highlights that there could be a link between GoldPickaxe and a Chinese hacking group known as GoldFactory. The group is also known for having previously targeted Vietnamese banking apps with Trojan malware.
Group-IB has mentioned in the report that “Debugging strings in Chinese were found throughout all the malware variants and their C2 (command and control) panels were also in Chinese.”

Why this can become a big problem

Biometric authentication has become the go-to mode for authenticating transactions and other authorisations. Attackers getting their hands on users’ biometric data and face-swapping it with their own raises a big concern over data privacy and security, especially when it comes to keeping money safe in bank accounts. The problem could extend further, as we use biometric authentication to authorise several other transactions and even to keep our devices safe and secure from prying eyes. Stolen biometric data can also be used to bypass two-factor authentication, which can lead to financial fraud.
Simple fact-checking, verifying the authenticity of the person or institution, and not installing random apps or sharing sensitive information with them can prevent you from falling prey to this Trojan malware.

