First Trojan attacks Vietnamese and Thai iOS users

The GoldPickaxe Trojan has been designed to target iPhone users, allowing cybercriminals to capture victims' faces and withdraw money from payment applications. The belief that iPhones are more secure than Android phones may no longer hold true, according to the cybersecurity company Group-IB, which discovered the first version of the Trojan aimed at the iPhone. Although the malware primarily targets users in Vietnam and Thailand, it may soon expand its operations worldwide.

The Trojan is based on GoldDigger, which was built for Android. The iOS version is known as GoldPickaxe. Once installed on an iPhone or Android smartphone, GoldPickaxe can collect personal information such as facial images, identity documents and SMS messages, which can be used to withdraw money from bank accounts or financial applications. Note that the malware does not extract the Face ID template itself, which never leaves the device's Secure Enclave; it captures images of the victim's face through the app, and that footage can then be exploited to create deepfakes, impersonate victims, and access their bank accounts.

Banking Trojans are difficult to operate on iPhones because of Apple's closed app ecosystem. However, the attackers found a way to distribute the Trojan through Apple's TestFlight platform. TestFlight is Apple's beta-distribution service, where developers let testers install applications before they are published on the App Store. The attackers upload an unfinished app and send a link to specific testers, who use the whole application or some of its features and provide feedback to polish the product.

After Apple removed the GoldPickaxe Trojan from TestFlight, the attackers switched to a more advanced method: tricking victims into installing a Mobile Device Management (MDM) configuration profile, a mechanism normally used to manage enterprise devices, which hands whoever runs the MDM server control over the phone. Group-IB has notified Apple of the issue.
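The MDM route is worth checking for on the defensive side. The following is an added example, not code from the article or from Group-IB, that parses an unsigned .mobileconfig profile with Python's standard plistlib and flags an MDM enrollment payload, an MDM server host outside an approved list, and the dangerous AccessRights bits (the bitmask values are Apple's documented MDM access rights). The two profiles, their host names and identifiers are constructed for the example.

```python
"""Audit an unsigned iOS configuration profile (.mobileconfig) for an MDM
enrollment payload.  Added example for this article, not code from Group-IB;
the two profiles below are constructed, and every host name and identifier in
them is made up."""
import plistlib
from urllib.parse import urlparse

# Apple's MDM AccessRights bitmask, as documented in the MDM protocol reference.
ACCESS_RIGHTS = {
    1: "inspect configuration profiles",
    2: "install and remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    32: "query network information",
    64: "inspect provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "manage applications",
}

# Rights that let a remote operator push software onto or take over the device.
HIGH_RISK_RIGHTS = {2, 4, 8, 128, 2048, 4096}

# Constructed lure profile: a "security update" that is really full MDM enrollment.
LURE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Banking App Security Update</string>
  <key>PayloadIdentifier</key><string>com.example.lure</string>
  <key>PayloadUUID</key><string>8f0c2b6e-1d4a-4c7e-9b2f-6a5d3e1c0f11</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.lure.mdm</string>
      <key>PayloadUUID</key><string>2a7e9d41-5b3c-4f8e-a1d2-0c9b8e7f6a55</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm.example.net/server</string>
      <key>CheckInURL</key><string>https://mdm.example.net/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.External.example</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""

# Constructed benign profile: a managed Wi-Fi payload and nothing else.
WIFI_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.wifi</string>
  <key>PayloadUUID</key><string>c3d4e5f6-7a8b-4c9d-8e0f-1a2b3c4d5e6f</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.wifi.managed</string>
      <key>SSID_STR</key><string>CorpWiFi</string>
      <key>EncryptionType</key><string>WPA</string>
    </dict>
  </array>
</dict>
</plist>
"""


def decode_access_rights(mask):
    """Return the names of the rights set in an AccessRights bitmask."""
    return [name for bit, name in ACCESS_RIGHTS.items() if mask & bit]


def audit_profile(raw, approved_mdm_hosts):
    """Parse a profile and return a list of findings about MDM enrollment.

    approved_mdm_hosts is the set of MDM server hosts the organisation
    actually operates; any other host in a ServerURL is flagged.
    """
    profile = plistlib.loads(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        server = payload.get("ServerURL", "")
        host = urlparse(server).hostname or ""
        findings.append(f"MDM enrollment payload present (ServerURL {server or 'missing'})")
        if host not in approved_mdm_hosts:
            findings.append(f"MDM server host {host!r} is not an approved enterprise MDM host")
        mask = int(payload.get("AccessRights", 0))
        risky = sorted(bit for bit in HIGH_RISK_RIGHTS if mask & bit)
        if risky:
            findings.append("high-risk rights granted: "
                            + ", ".join(ACCESS_RIGHTS[bit] for bit in risky))
    return findings


if __name__ == "__main__":
    corporate_mdm = {"mdm.corp.example.com"}
    for name, raw in (("lure", LURE_PROFILE), ("wifi", WIFI_PROFILE)):
        print(name, audit_profile(raw, corporate_mdm) or ["no MDM payload"])
```

Lure profiles in the wild are often delivered CMS-signed so that iOS shows a green "Verified" label; strip the signature wrapper first (for example with `openssl smime -verify -noverify -inform der`) and hand the inner XML to `audit_profile`. The useful signals are exactly the ones a victim cannot judge from the install prompt: which server the ServerURL points to, and whether the profile grants app management and erase rights.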

Group-IB attributed GoldPickaxe to a group it calls GoldFactory. It also found a GoldDiggerPlus variant that lets attackers call users of infected devices directly. The company expects Trojans like GoldDigger and GoldPickaxe to keep appearing in the near future.

To protect an iPhone, avoid installing applications from untrusted sources and treat TestFlight links with suspicion, since TestFlight builds are not reviewed as strictly as App Store releases. Likewise, never install a configuration or MDM profile that arrives by message or from a website; an unexpected profile can be found and removed under Settings > General > VPN & Device Management.