A new malware named GoldPickaxe is significantly impacting Android and iOS devices. The GoldPickaxe malware, discovered by Group-IB (via BleepingComputer), tricks users into installing a rogue app that scans their face and ID. This sensitive information is used to create deepfakes that allow threat actors to gain unauthorized access to banking apps.
The GoldPickaxe malware is developed by the Chinese hacker group GoldFactory, which is also responsible for the GoldDigger, GoldDiggerPlus, and GoldKefu malware. At the moment, the group appears to be primarily targeting Thailand and Vietnam, but these techniques could be used by GoldFactory or other malicious groups to target other countries.
That being said, here’s how the GoldPickaxe malware works and what you should be aware of in the coming months.
How GoldPickaxe malware works on Android and iOS
From June 2023 until now, the GoldFactory malware group distributed multiple threat packages, most of which targeted only Android users. However, the latest GoldPickaxe malware from October 2023 targets both Android and iOS users.
Currently, phishing and smishing messages are causing damage on the LINE app, a popular messaging app in Japan, Taiwan, and Thailand. These messages, written in the user’s local language, impersonate government officials and trick victims into installing fraudulent apps, such as a Digital Pension app, from a website designed to look like Google Play.
GoldPickaxe malware can target iPhone users in two ways. First, it instructs the victim to open a TestFlight URL, which installs the legitimate TestFlight app in addition to the malware. If the TestFlight method does not work, the GoldFactory group sends a malicious mobile device management (MDM) profile, and once the iPhone user installs it, the threat group gains control of the device.
If someone unknowingly installs this Trojan, it can read incoming SMS messages, control the phone’s background features, request identification documents, and capture the victim’s face. BleepingComputer points out that “it is Group-IB’s belief that the victim’s face is used for bank fraud,” which is “corroborated by Thai police.”
Despite the fact that GoldPickaxe malware can capture the victim’s face and steal images, it cannot access official biometric data on Android or iOS. Biometric data is encrypted and stored separately from running apps.
According to Group-IB, Android users are at higher risk than iOS users, in part because Apple imposes stricter security restrictions, and also because on Android GoldPickaxe disguises itself as more than 20 different fake apps. Additionally, the iOS 17 update added three new security features to many iPhones.