New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud

February 15, 2024 at 04:34AM

‘Gold Pickaxe’ is a new iOS and Android trojan that uses social engineering to trick victims into providing their faces and ID documents. Developed by the Chinese threat group ‘GoldFactory’, it is part of a suite of malware and targets the Asia-Pacific region. It uses fraudulent apps and webpages to capture sensitive information and perform malicious activities, possibly for bank fraud.

Key takeaways:

1. Gold Pickaxe is a new trojan targeting both iOS and Android devices, developed by the Chinese threat group ‘GoldFactory.’ The trojan employs a social engineering scheme to trick victims into scanning their faces and ID documents.
2. The malware is primarily targeting the Asia-Pacific region, particularly Thailand and Vietnam, but its techniques could be effective globally and may be adopted by other malware strains.
3. The distribution of Gold Pickaxe began in October 2023 and is part of a larger GoldFactory campaign that started in June 2023 with Gold Digger.
4. Social engineering attacks are initiated through phishing or smishing messages on the LINE app, impersonating government authorities or services.
5. The trojan’s capabilities include capturing victims’ faces, intercepting SMS, and proxying network traffic through infected devices using ‘MicroSocks.’
6. The Android version of the trojan performs more malicious activities than the iOS version, due to Apple’s stricter security restrictions.
7. The trojan’s use of victims’ faces for bank fraud is an assumption, supported by the fact that many financial institutions added biometric checks for transactions above a certain amount.
8. While the trojan can steal images and video of victims’ faces through social engineering, it does not hijack Face ID data or exploit any vulnerabilities on iOS and Android devices.
