Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

This new malware can literally steal your face to use in fraud — Android and iOS devices both affected, so be on your guard

App security.

Cybersecurity researchers have discovered a new mobile trojan that literally looks to steal people’s faces to hack into theiraccounts.

The GoldPickaxe trojan steals biometric data and uses it to generate convincing deepfakes which can then be used to break into mobile banking applications, a report from Group-IB says.

GoldPickaxe is available for both Android and iOS, although for the latter, it has fewer features due to the closed nature of the iOS. Still, the existence of the iOS version marks a rare occasion of malware targeting Apple’s mobile operating system, the researchers said.

Thailand and Vietnam at risk

Besides stealing facial recognition data, GoldPickaxe also steals identity documents and intercepts SMS messages, getting more than enough information to break into mobile banking applications. The final step - actually logging into the banking app and withdrawing funds - is not being done on the targets’ devices. Instead, the crooks are installing banking apps on their own devices and logging in from there, Thai police confirmed to the researchers.

The experts believe the group behind the trojan is most likely GoldFactory, a Chinese-speaking threat actor that’s known for building GoldDigger, GoldDiggerPlus, and GoldKefu, all banking trojans.

In this instance, GoldFactory is targeting people in the Asia-Pacific region, with those in Thailand and Vietnam being most at risk.

To get the malware to work, the victim still needs to grant it relevant permissions. Hence, the attackers are impersonating local banks, and government organizations, and are engaged in a multi-stage social engineering scheme to manipulate victims into granting all the necessary permissions. They are not exploiting any vulnerabilities in either Android or iOS to install the malware - it’s all just social engineering.

We don’t know exactly how many people are affected by this campaign, or how much money the hackers managed to steal with the malware.

Edit:

Following the publication of the article, a Google spokesperson reached out to confirm that Android users are "automatically protected against this trojan:

“Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services," the spokesperson told TechRadar Pro. "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play."

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.