Cybercriminals are stealing Face ID scans to break into mobile banking accounts

February 15, 2024 at 09:02AM

Cybercriminals have targeted iOS users by distributing trojanized smartphone apps, named GoldPickaxe and GoldPickaxe.iOS, in Vietnam and Thailand. These apps collect biometric data and intercept SMS messages to access bank accounts. They use deepfake technology and social engineering to steal identities and break into victims’ banks. This reveals the maturity of deepfake technology for real-world attacks. The GoldFactory group also develops other trojans, such as GoldDigger and GoldDiggerPlus, to gather banking credentials and personal information. The group’s adaptability and sophistication underline the need for proactive cybersecurity measures.

A Chinese-speaking cybercrime group named GoldFactory, identified by Group-IB researchers, has been distributing trojanized smartphone apps targeting both Android and iOS users since June 2023. The iOS version, known as GoldPickaxe.iOS, specifically targets users in Thailand, masquerading as the Thai government’s official digital pensions app, and possibly affects users in Vietnam as well. The group uses various sophisticated methods, including social engineering, to trick users into downloading the malicious apps. Once installed, the malware captures victims’ biometric data and ID documents, intercepts SMS, and proxies traffic through the victims’ devices.

GoldPickaxe serves as a significant example of the evolution of cybercriminal tactics in today’s threat landscape, demonstrating the abuse of biometric technology and the application of deepfake software to remotely break into victims’ banks.

Another noteworthy point is that the GoldFactory group was able to swiftly develop a bypass for the new facial biometrics security initiative in Thailand, which strongly indicates the group’s capabilities and adaptability. Moreover, Group-IB highlighted the group’s resourcefulness and the diverse set of tools at their disposal, emphasizing the need for a proactive and integrated approach to cybersecurity to combat such threats effectively.
