A cyber security company has recently issued a warning to iPhone users that Apple iPhone is being attacked by a rare Trojan called GoldDigger. This malware is part of a cluster of aggressive banking trojans affecting users in the Asia-Pacific (APAC) region. The malware group previously seen only affected Android users, but now a new version has emerged, which specifically targets iOS and steals facial recognition data and other sensitive information from devices. This type of malware attack is very rare on the iPhone, as Apple is quite proactive in releasing security patches for their operating systems.
Facial recognition data of iPhone devices is being stolen by new iOS Trojan
Cybersecurity firm, Group-IB, is behind the discovery of the new iOS Trojan. The group first discovered this new variant of Android malware in October 2023 and named it Golddigger. It has been tracked ever since. The malicious program is actually a banking trojan, which steals users’ financial information and targets banking apps, e-wallets and crypto-wallets for it. It was first seen in Vietnam but has since been identified as a cluster, affecting the entire Asia-Pacific region.
Group-IB noted in their report that a new sophisticated mobile Trojan is specifically targeting iOS users, which the cybersecurity firm named GoldPickaxe.iOS. The malware is capable of stealing facial recognition data, identity documents and can even access SMS.
The cybersecurity group also claimed that the people behind the Golddigger malware likely took advantage of face-swapping AI accessories to create deepfakes based on Face ID data. Then, using a combination of identity documents, SMS access and Face ID data, the hacker behind the program can gain access to victims’ iPhones and their banking apps. Hackers then repeat bank transactions to steal money from these users. According to Group-IB’s report, this method of financial theft is unprecedented.
The report also revealed that the malware was previously spread to iPhones through the TestFlight app, which allows developers to beta-test new features before rolling them out. But Apple quickly removed it. But now, it is being spread through a multi-level social engineering technique, by tricking victims into installing a Mobile Device Management (MDM) profile.
The Trojan is suspected to be linked to an organized Chinese-speaking cybercrime group and is mainly affecting Vietnam and Thailand. It is likely to spread to other regions as well. The cybersecurity group said it has notified Apple about the Trojan and that the iPhone maker is likely already trying to fix it.
