A cybersecurity company has discovered new iPhone and Android malware that tricks victims into scanning their faces and IDs. It is believed that this is being used to generate deepfakes for unauthorized bank access. It was reported that Android users were affected more than those using iPhone. Google is currently responding to this report.
How this malware tricks its victims
The Trojan, named ‘GoldPickaxe’, uses social engineering schemes to trick users. It was discovered by Singapore-based Group-IB and is said to be part of a malware suite developed by a Chinese threat group known as ‘GoldFactory’. This group is also responsible for other malware strains such as “GoldDigger,” “GoldDiggerPlus,” and “GoldKefu.”
According to Group-IB, attacks have been observed primarily targeting the Asia-Pacific region, including Thailand and Vietnam.
Attacks begin with social engineering tricks. According to a report from Bleeping Computer, distribution of GoldPickaxe began in October 2023 and is still ongoing. Victims are approached through phishing messages on the LINE app. These messages are written in local languages, impersonate government agencies and services, and urge the victim to install fraudulent apps such as a fake “digital pension” app hosted on a website disguised as Google Play.
On iPhone, attackers initially directed targets to a TestFlight URL to install a malicious app, allowing them to bypass the normal security review process. According to Group-IB, the Android version of this trojan is more malicious than the iOS version due to Apple’s increased security restrictions, and on Android, this trojan uses over 20 fake apps as a cover.
Once installed on a device, the app operates semi-autonomously in the background, capturing the victim’s face, intercepting incoming SMS, and requesting identification. Group-IB speculated that, after collecting the data, the hackers would use it to commit bank fraud.
Google’s opinion
A Google spokesperson told Bleeping Computer that Android users are protected from known versions of this malware. “Android users are automatically protected from known versions of this malware by Google Play Protect. Google Play Protect is enabled by default on Android devices with Google Play services. We can warn users or block apps that are known to exhibit malicious behavior, even if those apps come from sources other than Play,” the spokesperson said.