Group-IB uncovered a new iOS Trojan named GoldPickaxe.iOS that intercepts SMS and steals users’ facial recognition data and identity documents.
Group-IB’s Threat Intelligence discovered that the threat actor uses AI face-swapping services to create deepfakes, exploit the stolen biometric data, and access victims’ bank accounts.
Growing threat in Asia-Pacific
Since June 2023, Group-IB has identified four Trojan families targeting victims in Vietnam and Thailand, where facial recognition is actively used for transaction verification and login authentication.
After the initial discovery of the GoldDigger Trojan in June 2023, Group-IB identified a new, more advanced variant of the Android malware named GoldDiggerPlus, with a second Trojan, GoldKefu, embedded inside it. GoldDiggerPlus and GoldKefu work together to achieve their full capabilities.
GoldFactory gang
Andrey Polovinkin, malware analyst on the Threat Intelligence team at Group-IB, traces the surge in mobile Trojans targeting the Asia-Pacific region to GoldFactory.
“The gang has well-defined processes and operational maturity and constantly enhances its toolset to align with the targeted environment, showcasing a high proficiency in malware development. The discovery of a sophisticated iOS Trojan highlights the evolving nature of cyber threats targeting the Asia-Pacific region,” he says.
He adds that Group-IB’s Threat Intelligence found that GoldPickaxe will soon reach Vietnam while actively incorporating its techniques and functionality into malware targeting other regions.