

CUPERTINO (dpa-AFX) - Cybersecurity company, Group-IB's researchers found a new set of aggressive trojans named GoldPickaxe, targeting iPhone and iPad users by stealing their facial recognition data to break into their bank accounts.



The researchers informed that the latest malware is a variant of an Android trojan named GoldDigger, which was found in October 2023.



Group-IB stated in a report that the malware is designed to steal facial captures from the devices in order to get an AI generated image using deepfake technology, which is later used in combination with intercepted SMS messages to gain unauthorized access to the iOS user's bank account.



Initially, the trojan was distributed through Apple's (AAPL) TestFlight, which lets developers release beta versions of their apps without going through the App Store's review process. However, the tech giant removed it from the TestFlight, prompting hackers to choose another approach based on a Mobile Device Management or MDM profile, which manages features of enterprise devices.



The hackers used these MDM profiles to encourage people to install apps from outside the App Store or visit fake web pages to capture information from their device such as SMS messages, ID documents and facial biometric data, without compromising the iPhone's FaceID data.



According to the report, the malware is currently in an 'active stage of evolution' and so far had mainly targeted users in Vietnam and Thailand.



Copyright(c) 2024 RTTNews.com. All Rights Reserved



Copyright RTT News/dpa-AFX

Video-Workshop: Das kleine Einmaleins der Charttechnik In diesem kostenlosen Video-Workshop von Stefan Klotter lernen Sie alles über Charttechnik. Lassen Sie sich diesen kostenfreien Workshop nicht entgehen! Hier klicken