How criminals are stealing iPhone users 'facial data' to hack into their bank accounts


Singapore-based cybersecurity firm Group-IB has uncovered a potential threat to iOS users in the form of GoldPickaxe, the first-ever iOS Trojan designed to steal facial data from users. This malicious software has been highlighted as a significant risk, primarily affecting users in Thailand and Vietnam. GoldPickaxe also has an Android version.

This Trojan relies on AI to steal facial data

The differentiating factor about this Trojan is that it uses AI face-swapping services, which allow cybercriminals to create deepfakes by replacing victims' faces with their own. This alarming technique introduces a new and potent threat to victims' bank accounts.
It is important to note that the Trojan is not exploiting any vulnerabilities in the iPhone's operating system. According to the report, the Trojan pretends to be the official Thai government service app, tricking victims into submitting photos of their ID cards and facial scans.
The report mentions that GoldPickaxe.iOS is distributed through Apple's TestFlight or by social-engineering the victims into installing an MDM profile.

Potential link to the Chinese hacking group

Group-IB, in the report, has highlighted that there could be a link between GoldPickaxe and a Chinese hacking group known as GoldFactory. The group is also known for previously affecting Vietnamese banking apps with Trojan malware.
Group-IB has mentioned in the report that “Debugging strings in Chinese were found throughout all the malware variants and their C2 (command and control) panels were also in Chinese.”

Why this can become a big problem

Biometric authentication has become the go-to mode for authenticating transactions and other authorisations. Attackers getting their hands on users' biometric data and face-swapping it with their own raises a big concern over data privacy and security, especially when it comes to keeping money safe in bank accounts. The problem could extend further, as we use biometric authentication to authorise several other kinds of transactions and even to keep our devices safe and secure from prying eyes. Stolen biometric data can also be used to bypass two-factor authentication, which can lead to financial fraud.
Simple fact-checking, verifying the authenticity of the person or the institution, and not installing random apps or sharing sensitive information with them can prevent you from falling prey to this Trojan malware.

Article From: timesofindia.indiatimes.com