Beware, iPhone users: First-ever iOS GoldDigger trojan can steal face ID and bank accounts

admin, 16 February 2024

Many people choose iPhones over Android phones because they think iPhones are more secure. But that may no longer be the case as there is a new banking Trojan specifically designed to attack iPhone users.

According to a detailed report by cybersecurity company Group-IB (via Tom's Guide), the GoldDigger Android Trojan has now been effectively adapted to target iPhone and iPad users. The company says it could be the first Trojan designed for iOS, posing a significant threat by collecting facial recognition data, identity documents and even text messages.

First found last October, the Trojan now has a new version called GoldPickaxe, tailor-made for Android and iOS devices. Once it is on an iPhone or Android phone, GoldPickaxe can collect facial recognition data and identity documents and intercept text messages, all intended to simplify the theft of funds from banking and other financial applications. To add to the problem, this biometric data is used to create AI deepfakes, allowing attackers to impersonate victims and gain access to their bank accounts.

It is important to mention that at present, the GoldPickaxe Trojan is focusing on victims in Vietnam and Thailand. Yet, as seen in other malware, if this one hits the jackpot, the cybercriminals running it could expand their reach to target both iPhone and Android users in the United States, in Europe and the rest of the world.

Android banking Trojans are usually spread through dubious apps and phishing programs. Installing a Trojan horse on an iPhone is more difficult because Apple's ecosystem is more closed than Google's. However, as hackers tend to do, they found a way.

Initially, the Trojan spread through Apple's TestFlight, a platform that allows developers to release beta versions of apps without the App Store review process. But after Apple removed it from TestFlight, hackers moved to a more advanced method involving a mobile device management (MDM) profile, typically used to manage corporate devices.

According to Group-IB, a single threat actor known as GoldFactory is behind the creation of both versions of the GoldPickaxe banking Trojan. However, following their initial research, the company's security researchers came across a new variant called GoldDiggerPlus. The “Plus” here means that the malware now allows hackers to call their victims in real time on an infected device.

Considering how profitable a banking Trojan like GoldDigger or GoldPickaxe is, especially when it can target iPhones as well as Android phones, this probably won't be the last time we hear about this malware or the hackers behind it.

For now, even the most recent versions of iOS and iPadOS seem susceptible to this Trojan. Group-IB has notified Apple of the issue, so it's likely the company is already developing a fix.

How to protect your iPhone?

To protect your iPhone from malware, it is essential to follow a few simple steps:

  • Stick to trusted app sources: Avoid installing apps from sources you don't trust.
  • Avoid TestFlight: Do not install apps through TestFlight, as apps distributed through this platform do not go through the App Store review process.
  • Keep your device up to date: Install all the latest software updates released by Apple.
  • Practice good cyber hygiene: Be careful and avoid unnecessary risks when using your device.

By following these steps, you can protect yourself and your iPhone from hackers and malware threats.