iPhone devices are being targeted by a rare Trojan named GoldDigger. The malware is part of a family of banking trojans targeting users in the Asia-Pacific region. Earlier versions of the family affected only Android users, but a new version has now been detected that specifically targets iOS users and steals Face ID data and other sensitive information from the devices. This is a surprising discovery, because Apple is considered to be very active in releasing security patches for its operating systems and its devices are claimed to be safe from this type of malware. The cybersecurity firm Group-IB was behind the discovery of the iOS Trojan.

The group has been monitoring it since October 2023, when it first found a new version of the Android malware and named it GoldDigger. The program is a banking trojan that steals financial information and targets banking apps, e-wallets and crypto-wallets. It was first observed in Vietnam but was later identified as a cluster affecting the entire Asia-Pacific region. In its findings, the group noted that “a new mobile Trojan is specifically targeting iOS users, dubbed GoldPickaxe.iOS by Group-IB.” The malware is capable of stealing Face ID data and identity documents, and can even intercept SMS. The cybersecurity group also claimed that the criminals behind the GoldDigger malware could use face-swapping AI tools to create deepfakes from the stolen Face ID data and, combined with the captured identity documents and intercepted SMS, use them to gain access to the victim’s iPhone and banking apps. According to Group-IB, this method of stealing money had not been seen before.
It is reported that the malware was first distributed through the TestFlight app, which lets developers beta-test new features before rolling them out. However, it was quickly removed by Apple. Now, it is being spread through a multi-level social engineering technique in which targets are tricked into setting up mobile device management (MDM) profiles.
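Because the current distribution path relies on tricking victims into installing a mobile device management (MDM) profile, a defender can triage any `.mobileconfig` file a user was asked to install before it is trusted. The script below is an added example written for this page, not code from the article or from Group-IB: it parses a constructed sample profile with Python's standard `plistlib`, flags an MDM enrolment payload (Apple's `com.apple.mdm` payload type) whose `ServerURL` is not on a hypothetical corporate allowlist, and flags enrolments that request high-impact rights such as remote erase or app management via the documented `AccessRights` bitmask. The profile, the server hostnames and the allowlist are all made up for the example; the script also assumes the profile is plain (unsigned) XML, since signed profiles are CMS-wrapped and must be unwrapped first.

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample profile (not a real artefact from the campaign): an MDM
# enrolment payload pointing at an unknown server plus a harmless Wi-Fi payload.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.fake-bank-support</string>
  <key>PayloadDisplayName</key><string>Bank Support Profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.fake-bank-support.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/server</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>PayloadIdentifier</key><string>com.example.wifi</string>
      <key>SSID_STR</key><string>OfficeWiFi</string>
    </dict>
  </array>
</dict>
</plist>
"""

# Hypothetical allowlist of MDM servers the organisation actually operates.
TRUSTED_MDM_HOSTS = frozenset({"mdm.corp.example.com"})

# Bits of the MDM AccessRights bitmask that grant the most disruptive control.
HIGH_IMPACT_RIGHTS = {
    8: "remote device erase",
    4096: "app management (install/remove apps)",
}


def _hostname(url):
    """Extract the hostname from a URL, or '' if it has none."""
    return urlparse(url).hostname or ""


def review_profile(profile_bytes, trusted_hosts=TRUSTED_MDM_HOSTS):
    """Return a list of human-readable findings for risky payloads in a profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue  # only MDM enrolment payloads are in scope here
        pid = payload.get("PayloadIdentifier", "<no identifier>")
        host = _hostname(payload.get("ServerURL", ""))
        if host not in trusted_hosts:
            findings.append(f"{pid}: MDM enrolment to untrusted server '{host or '<none>'}'")
        rights = int(payload.get("AccessRights", 0))
        granted = [name for bit, name in HIGH_IMPACT_RIGHTS.items() if rights & bit]
        if granted:
            findings.append(f"{pid}: enrolment requests {', '.join(granted)}")
    return findings


def is_suspicious(profile_bytes, trusted_hosts=TRUSTED_MDM_HOSTS):
    """True if the profile would hand device control to a party we do not trust."""
    return bool(review_profile(profile_bytes, trusted_hosts))


if __name__ == "__main__":
    for line in review_profile(SAMPLE_PROFILE):
        print("FLAG:", line)
```

In practice a profile pushed by a real enterprise MDM would name a server on the allowlist and typically would not be delivered through a chat message or a third-party website; a "bank support" profile that enrols the phone into an unknown server with full access rights is exactly the shape of lure described above, and this check surfaces it before the user taps Install.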
The Trojan is suspected to be linked to an organized Chinese-speaking cybercrime group and is primarily affecting Vietnam and Thailand, though it may spread to other regions as well. The cybersecurity group said it has informed Apple about the Trojan and that the iPhone maker is likely already in the process of fixing it.