First iOS Banking Trojan Detected, Posing Threat to iPhone Users’ Bank Accounts
The longstanding perception of iPhones as the more secure choice over Android devices is being challenged with the discovery of the first banking trojan targeting iPhone users. Security experts at Group-IB have identified a new variant of the Android trojan GoldDigger, now adapted to infiltrate iOS devices, named GoldPickaxe. This sophisticated malware is designed to steal Face ID data among other personal information, posing a significant threat to users’ financial security.
Originally discovered last October, GoldPickaxe is part of a worrying trend of banking trojans that not only aim to drain victims’ bank accounts but also utilize biometric data to create AI-generated deepfakes for unauthorized account access. This development marks a significant escalation in cybercriminal capabilities, extending their reach to both Android and iPhone users.
Currently, the trojan’s activities are concentrated in Vietnam and Thailand. However, there is a potential for these cybercriminals to expand their focus to include users in the U.S., Canada, and other English-speaking countries if their initial campaigns prove successful.
The distribution of such trojans on iPhones presents unique challenges due to Apple’s closed ecosystem. Initially, the perpetrators exploited Apple’s TestFlight app testing platform to disseminate the GoldPickaxe.IOS trojan. Following the removal of the malicious app from TestFlight, they resorted to social engineering tactics, convincing victims to install a Mobile Device Management (MDM) profile, thereby gaining complete control over the affected devices.
Group-IB’s research indicates that a single threat actor, known as GoldFactory, is behind the development of both the Android and iOS versions of the GoldPickaxe banking trojan. Furthermore, the discovery of an additional variant, GoldDiggerPlus, reveals an expanded capability allowing real-time calls to victims on infected devices.
Given the lucrative nature of banking trojans, it is likely that this will not be the last instance of such malware targeting mobile users. In response to these emerging threats, iPhone users are advised to exercise caution and adhere to best practices for digital security.
To safeguard against potential infections, users should avoid installing apps through TestFlight unless absolutely necessary and refrain from adding MDM profiles to their devices at the behest of anyone other than their employers. Although iOS’s restrictions limit the availability of antivirus apps, users can utilize solutions like Intego Mac Internet Security X9 to scan iPhones for malware when connected to a Mac.
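What an MDM profile actually grants is visible in the profile itself: it is a property-list (.mobileconfig) file whose `com.apple.mdm` payload names the management server and carries an `AccessRights` bitmask. The following Python script is an added example, not code from the article or from Group-IB; it parses a profile and lists the rights it would hand to the server, so a defender can see why an enrollment profile from an unknown party is not a routine "security update". The sample profile is constructed, with placeholder URLs, identifiers and UUIDs, and it omits the identity-certificate payload a real enrollment profile would also carry; the bit meanings are taken from Apple's MDM protocol reference.

```python
import plistlib

# Meaning of each bit in the AccessRights integer of a com.apple.mdm payload,
# per Apple's MDM protocol reference.
ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "lock device and remove passcode",
    8: "erase device",
    16: "query device information",
    32: "query network information",
    64: "inspect installed provisioning profiles",
    128: "install and remove provisioning profiles",
    256: "inspect installed applications",
    512: "restriction-related queries",
    1024: "security-related queries",
    2048: "manipulate settings",
    4096: "manage apps (install/remove)",
}

# Constructed sample enrollment profile; every URL, identifier and UUID is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadDisplayName</key><string>Security Update</string>
  <key>PayloadIdentifier</key><string>com.example.placeholder.profile</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.placeholder.mdm</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.placeholder</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""


def analyze_profile(data: bytes) -> dict:
    """Parse a .mobileconfig and summarise every MDM payload and the rights it requests."""
    profile = plistlib.loads(data)
    report = {
        "display_name": profile.get("PayloadDisplayName", ""),
        "mdm_payloads": [],
    }
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        rights = int(payload.get("AccessRights", 0))
        granted = [name for bit, name in ACCESS_RIGHTS.items() if rights & bit]
        report["mdm_payloads"].append({
            "server_url": payload.get("ServerURL", ""),
            "check_in_url": payload.get("CheckInURL", ""),
            "access_rights": rights,
            "granted": granted,
        })
    return report


def grants_full_control(report: dict) -> bool:
    """True if any MDM payload can erase the device, push profiles and manage apps."""
    full = 2 | 8 | 4096
    return any(p["access_rights"] & full == full for p in report["mdm_payloads"])


if __name__ == "__main__":
    rep = analyze_profile(SAMPLE_PROFILE)
    print(f'Profile "{rep["display_name"]}"')
    for p in rep["mdm_payloads"]:
        print(f'  MDM server: {p["server_url"]} (AccessRights={p["access_rights"]})')
        for right in p["granted"]:
            print(f"    - {right}")
    if grants_full_control(rep):
        print("  This profile hands the server full control of the device.")
```

Run it against any profile you are asked to install (`analyze_profile(open("profile.mobileconfig", "rb").read())`); a `ServerURL` that is not your employer's management domain, combined with erase and app-management rights, is exactly the combination the article warns about.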
Additionally, activating features such as Lockdown Mode and Apple’s Stolen Device Protection can provide an extra layer of security, helping to mitigate the risk of malware infections and device theft.
As the landscape of digital threats continues to evolve, the discovery of iPhone-targeting banking trojans serves as a stark reminder for users to maintain vigilant cyber hygiene practices and stay informed about the latest security measures to protect their personal and financial information.