
iOS Trojan Horse GoldPickaxe Discovered: New Malware Threat Targeting Bank Accounts

The first iOS version of a Trojan horse has been discovered; it infects devices by abusing TestFlight, the framework developers use to distribute beta builds of their apps. According to reports, the malware, named GoldPickaxe, is used to withdraw funds from victims' bank accounts.

The malware is based on GoldDigger, a Trojan designed to run on Android devices that was first discovered in October last year, according to a new report published by security firm Group-IB on February 15.

The company named this malware GoldPickaxe and investigated it. According to Group-IB, GoldPickaxe has both iOS and Android versions and, unlike GoldDigger, receives regular updates designed to evade detection.

The iOS version of GoldPickaxe can intercept facial recognition data and SMS messages. Attackers can then abuse the stolen biometric data to create AI-powered deepfakes and combine them with information from stolen ID documents or SMS messages to gain fraudulent access to the victim's bank account.

The attackers behind GoldPickaxe initially distributed the malware through Apple's mobile app testing platform, TestFlight. After the app was removed from TestFlight, they shifted to MDM (Mobile Device Management), a framework for centrally managing devices. Using social engineering, they are said to have persuaded victims to install an MDM profile loaded with the Trojan, giving the attackers complete control of the device.

At the time of the announcement, GoldPickaxe was only being used to target victims in Vietnam and Thailand. Since March 2023 the Bank of Thailand has required biometric authentication for transactions above 50,000 baht, so stolen biometric data could be used to authorize such transactions. In Vietnam there have also been reports of bank deposits being stolen using biometric data harvested by a counterfeit public service app, and Group-IB suspects a connection to GoldPickaxe.

Group-IB believes that GoldPickaxe was developed by GoldFactory, a Chinese-speaking cybercrime group, and that GoldFactory is closely linked to Gigabud, another Android malware development group.

To prevent Trojan horse infections, Group-IB recommends not clicking on suspicious links, downloading apps only from official platforms, and paying close attention to the permissions that apps request. Related information can be found here.
