February 19, 2024 at 05:39AM
Group-IB researchers discovered GoldPickaxe, an iOS trojan used by the Chinese-speaking cybercriminal group GoldFactory in the APAC region. The trojan collects personal and banking information, including face profiles, SMS messages, and photos of identity documents. It was distributed through fake apps and MDM profiles; the Android version has more features. Group-IB warns that the campaign may expand beyond Thailand and Vietnam.
Key takeaways from the meeting notes:
1. Cybersecurity firm Group-IB has discovered a new iOS trojan created by a Chinese cybercrime group, known as GoldFactory. The trojan, named GoldPickaxe, aims to steal money from victims’ bank accounts.
2. GoldPickaxe is designed to collect face profiles, identification documents, and SMS messages, which enable unauthorized access to victims’ bank accounts. The collected face data can additionally be fed into AI-powered face-swapping services to produce deepfakes.
3. In Thailand, the trojan helps the cybercriminals gather the information needed to pass the facial recognition checks that banks require for large money transfers.
4. The iOS version of GoldPickaxe initially spread through the abuse of Apple’s TestFlight tool and later leveraged mobile device management (MDM) for installation.
5. The Android version of GoldPickaxe is distributed through fake government, financial, and utility apps and has more features compared to the iOS version.
6. The cybercriminals approach potential victims through SMS messages and phone calls, giving detailed instructions for installing the trojan on their devices. Although the group appears to be Chinese-speaking, it may collaborate with local groups to gain victims’ trust.
7. The fraudsters do not make unauthorized bank transfers directly from the victims’ devices; instead, they use the trojan to obtain the information needed to steal the money.
8. Although the initial focus was Thailand, with possible operations in Vietnam, there are indications that GoldFactory is expanding its operations across the APAC region.