Adrian Johnson
TLDR:
- Chinese hackers are using iOS trojans to steal money from victims’ bank accounts.
- The trojan, known as GoldPickaxe, targets the APAC region, specifically Thailand and possibly Vietnam.
In a recent article by SecurityWeek, researchers at the cybersecurity firm Group-IB have identified a new iOS trojan being used by a Chinese cybercrime group to steal money from victims’ bank accounts. The trojan, called GoldPickaxe, is part of a series of malware created by the group, including Android trojans named GoldDigger, GoldDiggerPlus, and GoldKefu. The GoldPickaxe trojan collects face profiles, identification documents, and SMS messages from infected mobile devices, allowing the hackers to gain access to victims’ bank accounts and make unauthorized money transfers.
The iOS version of the GoldPickaxe trojan is designed to collect photos, SMS messages, capture the victim’s face, and proxy network traffic through the infected device. It can also gather information to create deepfakes using AI-powered face-swapping services. The trojan was disguised as a Thai government application and initially installed on devices by abusing Apple’s TestFlight tool. When Apple took measures to prevent this abuse, the hackers turned to using mobile device management (MDM) to trick victims into installing a malicious profile that enables the installation of the malware on iOS devices.
The Android version of GoldPickaxe has more features compared to the iOS version and is delivered through fake government, financial, and utility apps. The cybercriminals send SMS messages and provide detailed instructions to trick victims into installing the trojan on their devices. While the attackers seem to be Chinese speakers, they may be collaborating with a local group to target victims more effectively. The hackers are using the trojan to gather the information needed to make unauthorized bank transfers, but not directly from the victim’s device.
Group-IB has not confirmed the use of GoldPickaxe in Vietnam but indicates that the hackers may have expanded their operations beyond Thailand and Vietnam. With an increase in focus on the APAC region, it is essential for organizations and individuals to be vigilant against such cyber threats. The use of AI-powered deepfakes and sophisticated social engineering tactics by cybercriminals highlights the need for strong cybersecurity measures to protect sensitive information and prevent financial losses.
