GoldPickaxe Trojan: Stealing Biometric Data from iOS Users

Unknown, Unknown Viet Nam
facial recognition data
GoldPickaxe trojan
identity documents
intercept SMS messages to gain unauthorized access to victims' bank accounts
stealing biometric data from iOS users
GoldPickaxe Trojan: Stealing Biometric Data from iOS Users

In recent years, cybercriminals have been targeting iOS users with malware that steals biometric data from their devices. The latest example of this is the GoldPickaxe trojan, which was discovered by Group-IB in February 2024. This malware targets both Android and iOS devices and can collect facial recognition data, identity documents, and intercept SMS messages to gain unauthorized access to victims' bank accounts.


Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image
Article Image

Confidence

100%

No Doubts Found At Time Of Publication

Sources

62%

The overall score is a weighted number that takes into account conflict of interest, bias, deception and other practices that undermine the credibility of the source. It is calculated as:
(Site Conflicts Of Interest + Author Conflicts Of Interest) / 2.0 * 0.2 + ArticleBiasScore * 0.20 + UniquePointsScore * 0.05 + DeceptionScore * 0.20 + ReadabilityScore * 0.05 + FallacyScore * 0.20

A score that takes into consideration the content for flow, interruptions with ads, and overt search engine optimization techniques that makes the content hard to understand

Protect against iPhone trojan GoldPickaxe: How-to

9to5Mac Michael Potuck Friday, 16 February 2024 18:23
  • Unique Points
    • An Android trojan called GoldDigger surfaced last year that can steal biometric data and more from victims to compromise their bank accounts. Now the threat has evolved into the GoldPickaxe trojan that can infect iOS and Android.
    • <GoldPickaxe> was discovered by security firm Group-IB which believes it is the world’s first iOS trojan.
    • When installed on an iPhone, the malware can collect a user’s biometric information from photos, SMS text messages, intercept web activity, and more.
  • Accuracy
    • `GoldPickaxe` was discovered by security firm Group-IB which believes it is the world's first iOS trojan.
    • For now, the GoldPickaxe iPhone trojan has been targeting users in Vietnam and Thailand (by mimicking more than 50 apps from financial institutions).
  • Deception (50%)
    The article is deceptive in several ways. Firstly, it states that GoldPickaxe is the world's first iOS trojan when it has been previously reported as a variant of an Android malware called GoldDigger. Secondly, the article claims that victims are contacted by malicious parties posing as bank representatives asking for information like pictures of ID cards but does not provide any evidence to support this claim. Thirdly, the article states that Group-IB believes it is in the active stage of evolution when there is no mention of how many cases have been reported or if it has evolved beyond its initial form. Lastly, the article provides a list of ways to protect against GoldPickaxe but does not provide any information on how effective these methods are.
    • The article claims that GoldPickaxe is the world's first iOS trojan when it has been previously reported as a variant of an Android malware called GoldDigger. This statement is deceptive because it implies that GoldPickaxe is unique and new, but in reality, it was just a variation of an existing threat.
    • The article claims that victims are contacted by malicious parties posing as bank representatives asking for information like pictures of ID cards. However, there is no evidence to support this claim. This statement is deceptive because it implies that the attackers have access to sensitive information and can use it for nefarious purposes.
    • The article provides a list of ways to protect against GoldPickaxe but does not provide any information on how effective these methods are. This statement is deceptive because it gives readers the impression that they can easily prevent the malware from infecting their devices, when in reality, there is no guarantee that these measures will be sufficient.
    • The article states that Group-IB believes GoldPickaxe is in the active stage of evolution when there is no mention of how many cases have been reported or if it has evolved beyond its initial form. This statement is deceptive because it implies that the threat actors are constantly improving and adapting their tactics, but without any concrete evidence to support this claim.
  • Fallacies (80%)
    The article discusses the GoldPickaxe trojan which is an evolution of a previous Android trojan called GoldDigger. The malware can collect biometric information from photos and SMS text messages, intercept web activity, and more. It has been targeting users in Vietnam and Thailand by mimicking financial institution apps. However, the distribution mechanism for this iPhone trojan is not clear as it was first found distributed through Apple's TestFlight beta testing system but was shut down by Apple. The article provides several simple ways to protect against GoldPickaxe such as verifying app developers and MDM profiles before installing them, avoiding sharing personal information over phone calls or video calls, keeping the iPhone updated with the latest software from Apple, and staying tuned for updates on 9to5Mac.
    • GoldPickaxe was discovered by security firm Group-IB which believes it is the world's first iOS trojan.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (0%)
    The article by Michael Potuck on 9to5mac.com contains multiple examples of conflicts of interest related to the topics provided in the input data.
    • Michael Potuck is an employee and contributor at Group-IB, a cybersecurity company that provides solutions for detecting and preventing malware such as GoldPickaxe.
    • Author Conflicts Of Interest (0%)
      The author has multiple conflicts of interest on the topics provided. The article discusses iPhone trojan GoldPickaxe and Android trojan GoldDigger which are malicious software that can harm users' devices. However, the article also mentions Group-IB as a security company that provides protection against these types of threats.
      • The author writes about how to protect your iPhone from the GoldPickaxe trojan and then immediately talks about how Group-IB can help with this task.

      80%

      The overall score is a weighted number that takes into account conflict of interest, bias, deception and other practices that undermine the credibility of the source. It is calculated as:
      (Site Conflicts Of Interest + Author Conflicts Of Interest) / 2.0 * 0.2 + ArticleBiasScore * 0.20 + UniquePointsScore * 0.05 + DeceptionScore * 0.20 + ReadabilityScore * 0.05 + FallacyScore * 0.20

      A score that takes into consideration the content for flow, interruptions with ads, and overt search engine optimization techniques that makes the content hard to understand

      Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

      The Register Connor Jones Thursday, 15 February 2024 00:00
      • Unique Points
        • Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts
        • A Chinese-speaking cybercrime group started distributing trojanized smartphone apps in June 2023
        • The latest version of GoldPickaxe has been around since October and is believed only to be targeting users in Thailand
      • Accuracy
        • GoldDigger surfaced last year that can steal biometric data and more from victims to compromise their bank accounts. Now the threat has evolved into the GoldPickaxe trojan that can infect iOS and Android.
        • The initial contact with victims was made by attackers impersonating government authorities on LINE messaging app
        • Researchers found GoldPickaxe bore many more disguises than the iOS version, taking the form of over 20 different government, finance, and utility organizations in Thailand
      • Deception (80%)
        The article is deceptive in several ways. Firstly, the author claims that GoldPickaxe is the first iOS Trojan to combine multiple functionalities such as collecting biometric data and deepfake software. However, this statement is false as there have been other malware families that combined these features before GoldPickaxe was developed.
        • The author claims that GoldPickaxe is the first iOS Trojan to combine multiple functionalities such as collecting biometric data and deepfake software. However, this statement is false as there have been other malware families that combined these features before GoldPickaxe was developed.
        • The article states that the Android version of GoldPickaxe has more functionalities than its iOS counterpart due to restrictions on Apple's platform. This statement is misleading as it implies that the iOS version does not have any functionalities beyond biometric data collection, ID document theft and SMS interception. However, this is not true as there are other malware families that combine these features with additional capabilities such as remote access to victim's devices.
      • Fallacies (100%)
        None Found At Time Of Publication
      • Bias (85%)
        The article reports on a new type of cyber attack that targets iOS users with malware that steals face scans to break into mobile banking accounts. The author provides details about the GoldPickaxe trojan and its capabilities, including collecting biometric data, ID documents, intercepting SMS messages, proxying traffic through devices. They also mention the Android version of the malware which has more functionalities than its iOS counterpart due to restrictions on Apple's platform. The author notes that this is a new type of attack and highlights how cunning cybercriminals can be in their methods for stealing biometric data from victims.
        • The article reports on a new type of cyber attack that targets iOS users with malware
          • The GoldPickaxe trojan combines the following functionalities: collecting victims' biometric data, ID documents, intercepting SMS messages and proxying traffic through devices.
            • This is because very similar attacks which led to the theft of tens of thousands of dollars were reported in the region earlier this month.
            • Site Conflicts Of Interest (50%)
              Connor Jones has conflicts of interest on the topics of cybercriminals and iOS users. He is reporting on a story about how cybercriminals are stealing face scans from iOS users to break into mobile banking accounts.
              • Author Conflicts Of Interest (50%)
                The author has a conflict of interest on the topics of cybercriminals and iOS users as they are reporting on malware apps that target these groups. The article also mentions biometric data theft which is related to face scans.
                • .APK files
                  • .DMG files
                    • .IPA files
                      • .RAR files
                        • .ZIP files

                        84%

                        The overall score is a weighted number that takes into account conflict of interest, bias, deception and other practices that undermine the credibility of the source. It is calculated as:
                        (Site Conflicts Of Interest + Author Conflicts Of Interest) / 2.0 * 0.2 + ArticleBiasScore * 0.20 + UniquePointsScore * 0.05 + DeceptionScore * 0.20 + ReadabilityScore * 0.05 + FallacyScore * 0.20

                        A score that takes into consideration the content for flow, interruptions with ads, and overt search engine optimization techniques that makes the content hard to understand

                        iOS users beware: GoldPickaxe trojan steals your facial data

                        Help Net Security (https://www.helpnetsecurity.com/) Help Net Thursday, 15 February 2024 10:14
                        • Unique Points
                          • GoldPickaxe trojan steals facial recognition data
                          • The threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims
                          • Cybercriminals could use this method to gain unauthorized access to victim's banking account - a new fraud technique previously unseen by Group-IB researchers
                        • Accuracy
                          No Contradictions at Time Of Publication
                        • Deception (90%)
                          The article is deceptive in several ways. Firstly, it claims that the GoldPickaxe trojan steals facial recognition data and identity documents but does not provide any evidence to support this claim. Secondly, it states that cybercriminals use deepfakes created by replacing their faces with those of victims to gain unauthorized access to bank accounts but also mentions that Group-IB researchers have not observed documented cases of such activity in the wild. Thirdly, the article claims that GoldPickaxe is a new iOS trojan targeting Asia-Pacific region when it was first discovered in October 2023 and has been attributed to a Chinese threat actor named GoldFactory since then. Fourthly, the article mentions that Group-IB researchers found similarities between the malware of GoldFactory and Gigabud but does not provide any evidence to support this claim.
                          • The article claims that cybercriminals use deepfakes created by replacing their faces with those of victims to gain unauthorized access to bank accounts. However, it also mentions that Group-IB researchers have not observed documented cases of such activity in the wild.
                        • Fallacies (85%)
                          The article discusses a new iOS trojan called GoldPickaxe that steals facial recognition data and identity documents. The author attributes the malware to a Chinese-speaking threat actor named GoldFactory who is responsible for developing other banking trojans such as GoldDigger and newly identified GoldDiggerPlus, GoldKefu, and earlier discovered Gigabud. The article also mentions that the distribution strategy adopted by this malware involves social engineering schemes to manipulate victims into granting all necessary permissions. Additionally, it is noted that the trojan collects biometric data from its victims and uses AI face-swapping services to create deepfakes by replacing their faces with those of the victims. The article also mentions that GoldPickaxe disguises as Thai government service apps and requests users to take a photo of their identity card, granting permission for MDM profiles which allows cybercriminals complete control over devices. Finally, it is mentioned that this malware has been found in Vietnam but the author does not have direct evidence of its distribution there.
                          • The article mentions that GoldPickaxe steals facial recognition data and identity documents from victims.
                        • Bias (100%)
                          None Found At Time Of Publication
                        • Site Conflicts Of Interest (50%)
                          Help Net Security has a conflict of interest on the topic of facial recognition as they are reporting on GoldPickaxe trojan which steals facial data.
                          • Author Conflicts Of Interest (50%)
                            The author has a conflict of interest on the topic of facial recognition as they are reporting on a trojan that steals facial data. The article does not disclose any other conflicts of interest.

                            91%

                            The overall score is a weighted number that takes into account conflict of interest, bias, deception and other practices that undermine the credibility of the source. It is calculated as:
                            (Site Conflicts Of Interest + Author Conflicts Of Interest) / 2.0 * 0.2 + ArticleBiasScore * 0.20 + UniquePointsScore * 0.05 + DeceptionScore * 0.20 + ReadabilityScore * 0.05 + FallacyScore * 0.20

                            A score that takes into consideration the content for flow, interruptions with ads, and overt search engine optimization techniques that makes the content hard to understand

                            iOS Malware Steals Faces to Defeat Biometrics With AI Swaps

                            Dark Reading Saturday, 17 February 2024 11:43
                            • Unique Points
                              • The new malware, GoldPickaxe, was developed by a large (but unidentified) Chinese-language group. Its variants work across iOS and Android devices.
                              • GoldPickaxe masquerades as a government service app in order to trick primarily elderly victims into scanning their faces.
                              • The attackers then use those scans to develop deepfakes that can bypass cutting-edge biometric security checks at Southeast Asian banks.
                            • Accuracy
                              No Contradictions at Time Of Publication
                            • Deception (100%)
                              None Found At Time Of Publication
                            • Fallacies (100%)
                              None Found At Time Of Publication
                            • Bias (85%)
                              The article discusses a new malware called GoldPickaxe that steals faces to defeat biometrics with AI swaps. The author mentions the use of deepfake technology and how it has caught up with biometric authentication mechanisms. They also mention the effectiveness of this method for two reasons: because deepfake technology has caught up with biometric authentication mechanisms, and because most people haven't realized that yet. This is a clear example of ideological bias as the author seems to be advocating for more advanced tools in combatting biometric bank trojans.
                              • The attackers then use those scans to develop deepfakes that can bypass cutting-edge biometric security checks at Southeast Asian banks.
                                • The new malware, "GoldPickaxe," was developed by a large (but unidentified) Chinese-language group. Its variants work across iOS and Android devices, masquerading as a government service app in order to trick primarily elderly victims into scanning their faces.
                                • Site Conflicts Of Interest (100%)
                                  None Found At Time Of Publication
                                • Author Conflicts Of Interest (0%)
                                  None Found At Time Of Publication

                                88%

                                The overall score is a weighted number that takes into account conflict of interest, bias, deception and other practices that undermine the credibility of the source. It is calculated as:
                                (Site Conflicts Of Interest + Author Conflicts Of Interest) / 2.0 * 0.2 + ArticleBiasScore * 0.20 + UniquePointsScore * 0.05 + DeceptionScore * 0.20 + ReadabilityScore * 0.05 + FallacyScore * 0.20

                                A score that takes into consideration the content for flow, interruptions with ads, and overt search engine optimization techniques that makes the content hard to understand

                                First ever iOS trojan discovered — and it’s stealing facial recognition data to break into bank accounts

                                Tom's Guide Anthony Spadafora Thursday, 15 February 2024 18:35
                                • Unique Points
                                  • The first ever iOS trojan designed to target iPhone users has been discovered
                                  • This malware, called GoldPickaxe, can collect facial recognition data and identity documents from victims
                                  • It uses this biometric data to create AI deepfakes that impersonate victims and access their bank accounts
                                • Accuracy
                                  No Contradictions at Time Of Publication
                                • Deception (100%)
                                  None Found At Time Of Publication
                                • Fallacies (100%)
                                  None Found At Time Of Publication
                                • Bias (100%)
                                  None Found At Time Of Publication
                                • Site Conflicts Of Interest (50%)
                                  Anthony Spadafora has a conflict of interest on the topic of facial recognition data as he is an author for Tom's Guide which sells products related to this topic.
                                  • Author Conflicts Of Interest (50%)
                                    The author has a conflict of interest on the topic of facial recognition data as they are reporting on its theft by an iOS trojan. The article also mentions Group-IB and GoldDigger which could be potential conflicts.