New Android & iOS malware that wants to steal your face


A new malware family has appeared on both Android and iOS, and it wants to steal your face for fraud purposes. The malware is called ‘GoldPickaxe’, and it uses a social engineering scheme to trick you into letting it scan your face.


Once it has the scan, it uses it to generate deepfakes that are then used to get access to your bank account. It is part of a malware suite developed by the Chinese threat group known as ‘GoldFactory’, the group behind the ‘GoldDigger’, ‘GoldDiggerPlus’ and ‘GoldKefu’ malware.

‘GoldPickaxe’ was spotted by Group-IB, and the company says that the attacks mostly targeted the Asia-Pacific region, on both Android and iOS. Thailand and Vietnam were the most targeted countries, but not the only ones.

The fear is that this malware could spread like wildfire, since the tactics it uses could easily be effective on a global scale. Users do have to allow the face scan in order to be at risk, but not everyone is tech-savvy and many people would not recognize the threat.

‘GoldPickaxe’ distribution started in October 2023

The distribution of ‘GoldPickaxe’ allegedly started in October 2023. It is simply a continuation of the three previous malware families mentioned above: it works differently, but it has similar nefarious goals.

GoldPickaxe timeline

How does this malware work exactly? Users are approached with phishing or smishing messages on the LINE app. They are contacted in their own language, and the senders pose as government bodies.

Those messages try to get users to install specific apps, such as the ‘Digital Pension’ app. That app is not available on the Google Play Store, but its listing impersonates the Google Play Store, which is how users get tricked. The app then scans your face, and the problems begin.

Digital Pension fraudulent app

Both Android & iOS users are in danger, but the approach is different

The process is a bit different for iOS users. The malicious app was first distributed through Apple’s TestFlight beta platform, but Apple removed it. From that point on, the attackers switched to a malicious Mobile Device Management (MDM) profile, which they try to lure people into installing.

MDM Profile GoldPickaxe

As usual, please be careful about which apps you download and from where. Don’t let unknown apps scan your face, and make sure you get apps from official stores. Don’t trust fraudulent messages arriving via instant messaging services, and so on. You can never be too careful.

2024-02-16 15:06:03