Beware, how criminals are stealing ‘facial data’ of iPhone and Android users to hack into their bank accounts

A cybersecurity company has spotted a new iPhone and Android malware that tricks victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorised banking access. The malware was reported to be doing more damage to Android users than to those with iPhones. Google has now responded to the report.
How this malware works to trick victims
The trojan named ‘GoldPickaxe’, which employs social engineering schemes to trick users, was spotted by Singapore-based Group-IB and is said to be part of a malware suite developed by the Chinese threat group known as ‘GoldFactory’. This group is responsible for other malware strains such as ‘GoldDigger’, ‘GoldDiggerPlus’ and ‘GoldKefu’.
As per Group-IB, attacks have been observed primarily targeting the Asia-Pacific region, mainly Thailand and Vietnam.
The attack starts with social engineering tricks. According to a report by Bleeping Computer, the distribution of GoldPickaxe started in October 2023 and is still ongoing. Victims are approached through phishing messages on the LINE app. These messages are written in the local language, impersonate government authorities or services, and push victims to install fraudulent apps, such as a fake ‘Digital Pension’ app hosted on websites impersonating Google Play.
On iPhones, the threat actors initially directed targets to a TestFlight URL to install the malicious app, allowing them to bypass the normal security review process. As per Group-IB, the Android version of the trojan is more malicious than the iOS version due to Apple’s higher security restrictions. On Android, the trojan uses over 20 bogus apps as cover.
Once installed on a device, the app operates semi-autonomously, manipulating functions in the background, capturing the victim’s face, intercepting incoming SMS and requesting ID documents. After collecting the data, the hackers use it for bank fraud, Group-IB assumed.
What Google has to say
A Google spokesperson told Bleeping Computer that Android users are protected against known versions of this malware. “Android users are automatically protected against known versions of this malware by Google Play Protect, which is on by default on Android devices with Google Play Services. Google Play Protect can warn users or block apps known to exhibit malicious behaviour, even when those apps come from sources outside of Play,” the spokesperson was quoted as saying.
