First Ever iOS Trojan Steals Facial Recognition Data

A novel, very sophisticated mobile Trojan dubbed GoldPickaxe.
iOS that targets iOS users exclusively was discovered to collect facial recognition data, intercept SMS, and gather identity documents.
The Asia-Pacific region includes the majority of those impacted by this harmful activity.
On the other hand, two APAC countries that deserve particular consideration are Vietnam and Thailand.
The GoldPickaxe family, which comes in iOS and Android variants, is based on the GoldDigger Android Trojan and receives frequent modifications to improve its functionality and avoid detection.
Live attack simulation Webinar demonstrates various ways in which account takeover can happen and practices to protect your websites and APIs against ATO attacks.
Group-IB has linked the entire threat cluster to a single threat actor known as GoldFactory, which has created an advanced collection of mobile banking malware.
The traditional Android banking Trojan GoldDigger exploits Accessibility Service to provide hackers access to the device.
Another Android malware that increases GoldDigger's capability is called GoldDiggerPlus.
GoldDiggerPlus features an embedded Trojan called GoldKefu, which contains web fakes and allows real-time voice conversations with victims.
A Trojan called GoldPickaxe was created for the iOS and Android operating systems used to obtain and exfiltrate biometric data and personal information from victims.
Thai financial institutions extensively utilize facial recognition for login authentication and transaction verification.
Because of this, GoldPickaxe's facial recognition video capture and unique features give attackers the chance to access bank accounts without authorization.
Hackers are using their own Android smartphones to install banking apps, and they are exploiting the captured face scans to get over facial recognition security measures and gain unauthorized access to victims' accounts.
Cybercriminals pose as government officials in Thailand and convince victims to utilize LINE, one of the nation's most widely used chat services.
The LINE user needs to add another as a friend to initiate a chat.
Another technique is manipulating Apple devices using Mobile Device Management.
MDM is an all-inclusive and centralized approach to controlling and safeguarding mobile devices inside an organization, including tablets and smartphones.
Thus, a proactive and comprehensive strategy for cybersecurity must include user education and integrated current security techniques to proactively identify the introduction of new Trojans and alert end users.
Stay updated on Cybersecurity news, Whitepapers, and Infographics.


This Cyber News was published on gbhackers.com. Publication date: Mon, 19 Feb 2024 06:28:08 +0000


Cyber News related to First Ever iOS Trojan Steals Facial Recognition Data

Is Facial Biometrics the Future of Digital Security? - Facial biometrics brings about a revolution in digital processes, granting businesses a competitive edge while meticulously safeguarding privacy. Within the dynamic sphere of digital technology, businesses are continually seeking innovative solutions ...
8 months ago Cysecurity.news
First Ever iOS Trojan Steals Facial Recognition Data - A novel, very sophisticated mobile Trojan dubbed GoldPickaxe. iOS that targets iOS users exclusively was discovered to collect facial recognition data, intercept SMS, and gather identity documents. The Asia-Pacific region includes the majority of ...
10 months ago Gbhackers.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Microsoft Adds Face Check to Entra Verified ID - Microsoft has added facial matching to its Entra Verified ID service, which lets organizations create and issue verifiable credentials to validate claims such as employment, education, certifications, and residence. The new Face Check feature is ...
10 months ago Darkreading.com
FTC's Rite Aid Ruling Rightly Renews Scrutiny of Face Recognition - The Federal Trade Commission on Tuesday announced action against the pharmacy chain Rite Aid for its use of face recognition technology in hundreds of stores. The regulator found that Rite Aid deployed a massive, error-riddled surveillance program, ...
1 year ago Eff.org
Not Black Mirror: Meta's smart glasses used to reveal someone's identity just by looking at them | Malwarebytes - The search engine uses Artificial Intelligence (AI) for facial recognition combined with reverse image search technology to find other photos of a person published online, based on a picture submitted by the user. The Harvard students have dubbed the ...
2 months ago Malwarebytes.com
Beware, iPhone Users: iOS GoldDigger Trojan can Steal Face ID and Banking Details - Numerous people pick iPhones over Android phones because they believe iPhones are more secure. This may no longer be the case due to the emergence of a new banking trojan designed explicitly to target iPhone users. According to a detailed report by ...
10 months ago Cysecurity.news
Details of Ransomania and iOS Face ID Scans stolen by hackers - The global menace of ransomware continues to plague companies of all sizes and industries. To effectively counter this threat, it is crucial to raise awareness among individuals and organizations and equip them with the necessary tools to defend ...
10 months ago Cybersecurity-insiders.com
Android malware and unwanted software statistics for Q1 2024 - Over 389,000 malicious installation packages were detected, of which: 11,729 packages were related to mobile banking Trojans, 1,990 packages were mobile ransomware Trojans. The rapid growth in the total number of attacks between Q2 and Q4 2023 is ...
6 months ago Securelist.com
FTC bans Rite Aid from using facial recognition surveillance for five years - Pharmacy chain Rite Aid is getting a timeout from AI facial recognition surveillance tech thanks to federal regulators. The U.S. Federal Trade Commission today announced a settlement with Rite Aid stating the chain recklessly deployed AI biometric ...
1 year ago Venturebeat.com
iOS Trojan Collects Face and Other Data for Bank Account Hacking - Researchers at cybersecurity firm Group-IB have come across a new iOS trojan that is designed to help a Chinese cybercrime group obtain information needed to steal money from victims' bank accounts. The threat actor, tracked as GoldFactory, was first ...
10 months ago Securityweek.com
Face off: Attackers are stealing biometrics to access victims' bank accounts - Biometrics have been touted as the ultimate credential - because after all, faces, fingerprints and irises are unique to every human being. Attackers are increasingly cunning, and it's becoming clear that biometric screens are just as easy to bypass ...
10 months ago Venturebeat.com
UK to allow facial recognition on 50m drivers - Britain is poised to conduct facial recognition checks on its 50 million drivers in the upcoming year, with the aim of leveraging this initiative to apprehend criminals based on images captured in the CCTV surveillance database. The Home Office and ...
11 months ago Cybersecurity-insiders.com
Microsoft unveils Face Check for secure identity verification - Microsoft today announced the launch of Face Check, a new facial recognition feature for its Entra Verified ID digital identity platform. Face Check allows businesses to match a user's selfie to their government ID or employee credentials, providing ...
10 months ago Venturebeat.com
Biometric Security in Educational Environments - Biometric technology has gained significant attention in recent years as a potential solution to enhance security in educational environments. The adoption of biometric security in educational settings raises important privacy and ethical concerns. ...
11 months ago Securityzap.com
Tech Privacy: Navigating the Age of Digital Surveillance - Users generate and share a significant amount of personal data with third-party companies, highlighting the importance of understanding data ownership and privacy. Technology offers benefits such as data encryption, two-factor authentication, and ...
1 year ago Securityzap.com
How machine learning helps us hunt threats | Securelist - In this post, we will share our experience hunting for new threats by processing Kaspersky Security Network (KSN) global threat data with ML tools to identify subtle new Indicators of Compromise (IoCs). The model can process and learn from millions ...
2 months ago Securelist.com
Building a Sustainable Data Ecosystem - Finally, I outline future research and policy refinement directions, advocating for a collaborative and responsible approach to building a sustainable data ecosystem in generative AI. In recent years, generative AI has emerged as a transformative ...
9 months ago Feeds.dzone.com
Tech upgrades for first responders are a necessity, not a luxury - Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. First responders face growing concerns amidst cybersecurity surge. The ...
11 months ago Helpnetsecurity.com
iOS Malware Steals Faces to Defeat Biometrics With AI Swaps - Chinese hackers have developed a sophisticated banking Trojan for tricking people into giving up their personal IDs, phone numbers, and face scans, which they're then using to log into those victims' bank accounts. Its variants work across iOS and ...
10 months ago Darkreading.com
How Passkeys are Revolutionizing Authentication - Today, authentication technology has become a vital part of online security. The need to secure user data against malicious actors has led to a rapidly evolving authentication landscape. Passkeys are a form of authentication that is revolutionizing ...
1 year ago Csoonline.com
Latest Information Security and Hacking Incidents - In recent times, the digital realm has become a battleground where cybercriminals constantly devise new tactics to breach security measures and exploit unsuspecting users. The emergence of the GoldPickaxe Trojan serves as a stark reminder of the ...
10 months ago Cysecurity.news
GenAI Regulation: Why It Isn't One Size Fits All - With President Biden calling on Congress to pass bipartisan data privacy legislation to accelerate the development and use of privacy-centric techniques for the data that is training AI, it's important to remember that excessive regulation can stifle ...
9 months ago Cybersecurity-insiders.com
Fakers Steal $26M via Video - Spearphish pivots to deepfake Zoom call, leads to swift exit of cash. A poor peon in the finance department of a large company got taken in by a deepfake of the firm's chief financial officer. Your humble blogwatcher curated these bloggy bits for ...
10 months ago Securityboulevard.com
When a Data Mesh Doesn't Make Sense - The data mesh is a thoughtful decentralized approach that facilitates the creation of domain-driven, self-service data products. Data mesh-including data mesh governance-requires the right mix of process, tooling, and internal resources to be ...
9 months ago Feeds.dzone.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)