Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details

Numerous people pick iPhones over Android phones because they believe iPhones are more secure.
This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users.
According to a detailed report by the cybersecurity firm Group-IB, the Android trojan GoldDigger has now been successfully repurposed to target iPhone and iPad users.
The company claims that this is the first malware designed for iOS, posing a huge threat by collecting facial recognition data, ID documents, and even SMS. The malware, discovered for the first time last October, now has a new version dubbed GoldPickaxe that is optimised for iOS and Android devices.
When installed on an iPhone or Android phone, GoldPickaxe can collect facial recognition data, ID documents, and intercepted text messages, all with the goal of making it easier to withdraw funds from banks and other financial apps.
To make matters worse, this biometric data is utilised to create AI deepfakes, which allow attackers to mimic victims and gain access to their bank accounts.
It is vital to note that the GoldPickaxe malware is now targeting victims in Vietnam and Thailand.
As with other malware schemes, if this one succeeds, the cybercriminals behind it may expand their reach to target iPhone and Android users in the United States, Europe, and the rest of the world.
Android banking trojans are typically propagated via malicious apps and phishing campaigns.
It is more difficult to install a trojan on an iPhone since Apple's ecosystem is more locked down than Google's.
As hackers often do, they've figured out a way.
Initially, the malware was disseminated via Apple's TestFlight program, which allows developers to deploy beta app versions without going through the App Store's authorization process.
After Apple removed it from TestFlight, the hackers shifted to a more complicated method that uses a Mobile Device Management profile, which is generally used to manage enterprise devices.
Given how successful a banking trojan like GoldDigger or GoldPickaxe can be, especially since it can target both iPhones and Android phones, this is unlikely to be the last time we hear about this spyware or the hackers behind it.
As of now, even the latest versions of iOS and iPadOS appear to be vulnerable to this Trojan.
Group-IB has contacted Apple about the flaw, so a solution is likely in the works.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 18 Feb 2024 15:13:05 +0000

