[ad_1]
We’ve seen malware that attempts to steal files, money, and even personal information before, but a new mobile malware called Gold Pickaxe goes one step further. This nasty little software is active on both Android and iOS and steals the faces of its victims. Security researchers have warned that the malware could be used to create deepfake versions of victims and commit financial fraud.
This new malware was discovered by security firm Group-IB and is associated with a Chinese threat actor known as GoldFactory. The group’s latest effort builds on previous malware campaigns such as GoldDigger, GoldDiggerPlus, and GoldKefu. Although the new GoldPickaxe is primarily operational in the Asia-Pacific region, particularly Thailand, Group-IB emphasizes that the same technology can be applied anywhere.
GoldPickaxe does not exploit any security flaws in Android or iOS. This is a good old social engineering attack. Malware operators begin by sending messages on messaging apps like Line, claiming to represent a government agency. Victims using Android smartphones are directed to download an app from a website that pretends to be Google Play Store. For iPhone users, the Apple TestFlight profile was initially used to install the malware, but after Apple removed the app, attackers used malicious mobile device management (MDM) to gain control of the device. ) I switched to the profile.
At this point, victims using the fake government app are asked to provide mountains of personal data. This app can capture images of victims’ IDs and steal recently captured photos. It also asks users to take a video of their face with their phone’s camera. The interface is similar to a legitimate facial recognition unlock system, but the video is sent directly to the malware’s command and control server. The Android client has a few more features, such as SMS access, thanks to the more permissive nature of the platform.
GoldPickaxe could enable significant financial theft, as some financial institutions, especially those in South Asia, have started requiring biometrics for large transactions. Thai police reportedly confirmed that the attackers used these stolen faces to transfer funds from the victims’ accounts. Facial recognition systems that don’t use 3D data are surprisingly easy to fool.
Importantly, the malware cannot access biometric data on your phone, Bleeping Computer reports. That data is encrypted and can only be stolen through a critical vulnerability. This app is all about fooling people. Unfortunately, he seems to be pretty good at it.
[ad_2]
Source link
