
Group-IB Uncovers the First iOS Trojan Harvesting Facial Recognition Data

Author: Andrey Polovinkin & Sharmine Low

In October 2023, Group-IB researchers published a study on a previously unidentified Android Trojan that targeted over 50 Vietnamese financial institutions exclusively. Because the APK included an activity named GoldActivity, they called the Trojan 'GoldDigger'. After that initial discovery, Group-IB's Threat Intelligence unit continued to monitor the developing threat and identified a whole cluster of aggressive banking Trojans actively targeting the Asia-Pacific (APAC) region.

Key Findings:

  • Group-IB’s Threat Intelligence unit discovered a previously unknown iOS Trojan GoldPickaxe.iOS that collects identity documents, SMS, and facial recognition data.
  • The GoldPickaxe family is available for both iOS and Android platforms.
  • The suite of sophisticated Trojans developed by GoldFactory has been active since mid-2023.
  • GoldFactory is believed to be a well-organized Chinese-speaking cybercrime group with close connections to Gigabud.
  • Social engineering is the primary method used to deliver malware to victims’ devices across the whole family of GoldFactory Trojans.
  • GoldPickaxe Trojans collect face profiles and ID documents, and intercept SMS. To exploit the biometric data stolen from iOS and Android users, the threat actor creates deepfakes with AI face-swapping services, replacing their own faces with those of the victims. Cybercriminals could use this method to gain unauthorized access to victims’ bank accounts.
  • Following the publication of the initial report about GoldDigger, Group-IB’s researchers identified a new variant of malware named GoldDiggerPlus.
