First ever iOS trojan discovered — and it’s stealing facial recognition data to break into bank accounts

One of the reasons many people pick one of the best iPhones over their Android counterparts is due to security. However, that could be changing as the first ever banking trojan designed to target iPhone users has been spotted in the wild. According to a new report from Group-IB, the Android trojan GoldDigger has now been modified with new capabilities that make it easier for this malware to drain victims’ bank accounts

Face Off

GoldPickaxe.iOS, Group-IB researchers found, is capable of collecting facial recognition data, identity documents, and intercepting SMS. Its Android sibling has the same functionality but also exhibits other functionalities typical of Android Trojans. To exploit the stolen biometric data, the threat actor utilizes AI-driven face-swapping services to create deepfakes. This data combined with ID documents and the ability to intercept SMS, enables cybercriminals to gain unauthorized access to the victim’s banking account – a new technique of monetary theft, previously unseen by Group-IB researchers in other fraud schemes.

The newly identified GoldPickaxe.iOS employs a notable distribution scheme. The threat actor utilized Apple’s mobile application testing platform, TestFlight, to distribute malware initially. Following the removal of its malicious app from TestFlight, the threat actor adopted a more sophisticated approach. They employed a multi-stage social engineering scheme to persuade victims to install a Mobile Device Management (MDM) profile. This allowed the threat actor to gain complete control over the victim’s device.