Group-IB, a creator of cybersecurity technologies to investigate, prevent, and fight digital crime, has reported uncovering a new iOS Trojan, which it has dubbed GoldPickaxe.iOS, designed to steal users’ facial recognition data and identity documents and to intercept SMS.
In fact, in Feb 2024, news emerged that a Vietnamese citizen fell victim to malware. The individual carried out the operations requested by the application, including a facial recognition scan. As a result, cybercriminals withdrew money equivalent to more than US$40,000. While Group-IB doesn’t have direct evidence of GoldPickaxe’s distribution in Vietnam, the unique feature mentioned in the news suggests that GoldPickaxe has most likely reached Vietnam.
Notably, GoldPickaxe.iOS is the first iOS Trojan observed by Group-IB that combines the following functionalities: collecting victims’ biometric data and ID documents, intercepting SMS, and proxying traffic through the victims’ devices. Its Android sibling has even more functionalities than its iOS counterpart, because iOS imposes more restrictions and is a closed platform.
When the victim clicks the contact customer service button in the fake alert, GoldKefu checks whether the current time falls within the working hours of the cybercriminals. If it does, the malware will try to find a free operator to call. Thus, it is believed that GoldFactory might be engaging operators proficient in Thai and Vietnamese or even possibly running a call center.