
A banking Trojan designed specifically for Apple devices has compromised the security of iOS and alarmed the iPhone community. Known as GoldPickaxe, this software, previously known as the Android Trojan GoldDigger, has evolved and now poses a significant threat to iPhone users by draining their bank accounts without authorization.
A Trojan horse is any malware that misleads users about its true intent by disguising itself as a standard program.
According to TechRadar, GoldPickaxe was first discovered in October and has since resurfaced, targeting iOS devices, particularly iPhones. This Trojan is equipped with advanced features that enable it to gather sensitive data, such as facial recognition information, identity documents, and intercepted text messages. The goal is to streamline the process of stealing funds from various banking and financial applications.
What makes GoldPickaxe particularly dangerous is its ability to manipulate biometric data. By using artificial intelligence, cybercriminals can create deepfake videos, allowing them to effectively impersonate victims and gain unauthorized access to their bank accounts. While the Trojan has primarily targeted victims in Vietnam and Thailand so far, there are concerns that this campaign may expand to include iPhone and Android users in English-speaking countries like the United States and Canada.
One of the most astonishing aspects of GoldPickaxe is its method of infiltrating iOS devices. While Android devices are often compromised through malicious apps and phishing tactics, breaching iPhones is notoriously difficult due to Apple’s closed ecosystem. However, hackers managed to exploit TestFlight, Apple’s mobile application testing platform, to initially distribute the GoldPickaxe.IOS Trojan. After its removal from TestFlight, hackers turned to social engineering techniques, persuading victims to install a Mobile Device Management (MDM) profile, which grants complete control over the compromised iPhone.
Both versions of the Trojan are attributed to a single threat actor known as GoldFactory. Cybersecurity firm Group-IB has also discovered a new variant called GoldDiggerPlus. This upgraded malware allows hackers to make real-time calls on infected devices, adding an alarming dimension to the evolving threat.
To mitigate the growing menace of iOS malware, users are advised to exercise caution and follow essential security measures. This includes avoiding the installation of apps through TestFlight unless absolutely necessary, being wary of installing Mobile Device Management profiles unless explicitly requested by employers for company-issued iPhones, and considering the use of malware scanning solutions when connecting the iPhone to a Mac via a USB cable. Enabling Lockdown Mode and activating Apple’s Stolen Device Protection can provide further layers of security against potential threats.
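For the advice on MDM profiles above, a help desk or analyst can check whether a configuration profile a user was asked to install would enroll the device in MDM before anyone taps "Install". This is an added example, not code from the article or from Group-IB; it assumes an unsigned XML `.mobileconfig`, the function name `inspect_profile` is hypothetical, and the sample profile is constructed.

```python
import plistlib
from xml.parsers.expat import ExpatError

MDM_PAYLOAD_TYPE = "com.apple.mdm"  # Apple's payload type for MDM enrollment
ALL_ACCESS_RIGHTS = 8191            # AccessRights bitmask value requesting every right

# Constructed sample profile (illustrative only, not from any real campaign).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Example Support Profile</string>
  <key>PayloadOrganization</key><string>Example Org</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/server</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
    </dict>
  </array>
</dict></plist>"""


def inspect_profile(data: bytes) -> dict:
    """Summarise an unsigned .mobileconfig and flag MDM enrollment payloads."""
    try:
        profile = plistlib.loads(data)
    except (ValueError, ExpatError) as exc:
        # Signed profiles are CMS-wrapped and must be unwrapped before parsing.
        raise ValueError("not a plain plist (signed or malformed profile)") from exc
    if not isinstance(profile, dict):
        raise ValueError("profile root is not a dictionary")
    content = profile.get("PayloadContent", [])
    payloads = [p for p in content if isinstance(p, dict)]
    mdm = [p for p in payloads if p.get("PayloadType") == MDM_PAYLOAD_TYPE]
    return {
        "display_name": profile.get("PayloadDisplayName"),
        "organization": profile.get("PayloadOrganization"),
        "payload_types": [p.get("PayloadType") for p in payloads],
        "is_mdm_enrollment": bool(mdm),
        "mdm_servers": [p.get("ServerURL") for p in mdm],
        "full_access_requested": any(
            p.get("AccessRights") == ALL_ACCESS_RIGHTS for p in mdm),
    }


if __name__ == "__main__":
    print(inspect_profile(SAMPLE_PROFILE))
```

A profile that reports `is_mdm_enrollment` and whose organization or server is not the user's employer matches the social-engineering pattern the article describes.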