New Trojan malware “GoldPickaxe” has been discovered on iOS and Android, and it aims to trick users into scanning their faces and files using phishing tactics to potentially gain unauthorised access to bank accounts.

Discovered by Group-IB, the Trojan is believed to be part of Chinese hacker group GoldFactory and malware family GoldDigger, with the latest threat specifically targeting iPhone users. However, an Android version has also been spotted by cybersecurity analysts, hiding in over 20 malicious apps.

GoldPickaxe is known to be able to collect facial recognition data and identity documents, and to intercept SMS. Threat actors use this biometric data to create deepfakes with AI-driven services. By also intercepting SMS texts, attackers have the ability to gain access to a victim’s bank account.

Using social engineering techniques, including phishing and smishing, attackers pose as government authorities and other services and send victims a message through LINE, a messaging app. Texts ask recipients to install malicious apps masquerading as legitimate services, such as a Digital Pension app. The download is hosted on a fake Google Play website.

Digital Pension app on fake Google Play website (via Group-IB)

According to the report, the campaign originally directed iOS users to a TestFlight URL to install a malicious app. Now that Apple has removed the app from TestFlight, the attackers dupe victims into installing a malicious Mobile Device Management (MDM) profile that lets them take control of the iPhone.

Currently, the threat actors target iPhone and Android users in Asia, including Thailand and Vietnam. However, there is potential for the GoldPickaxe Trojan to affect users globally, especially if other hacker groups create a new malware strain.

Researchers have also discovered it can steal photos from devices and proxy network traffic through the victim’s device. As for how it operates, Group-IB states:

“The initial phase involves the creation of recurring tasks that are scheduled to run periodically. These tasks include sending a heartbeat to indicate device activity, verifying application permissions, the status of the connection to the WiFi and assessing connection speed, the latter of which is done by using the PPSPing library. Requests will be sent to www.google.com, and the connection speed results will be sent to the C2 server. This metric can be used to choose a suitable time for exfiltration.”

GoldPickaxe malware chain (via Group-IB)

As BleepingComputer points out, while the GoldPickaxe malware steals images and dupes users into showing their faces through video, it doesn’t touch the biometric data stored on iOS and Android, such as Face ID or Touch ID.

The malware is still making the rounds, so it’s a good idea to stay protected from any suspicious messages you receive from unknown sources.

GoldPickaxe: How to stay protected

There are several ways to stay protected from Trojans and malware on iOS and Android, including GoldPickaxe.

To avoid the risk of malware, be wary of clicking on links in emails, text messages, or social media posts, especially if they seem too good to be true or urge immediate action. Don’t visit websites with a bad reputation or those offering pirated content or illegal downloads. Moreover, avoid downloading files like music, movies, or apps from untrusted sources.

You should only download apps from official app stores like Google Play Store or Apple App Store. These stores have stricter security measures compared to third-party sources. However, hackers can sneak malicious apps into these stores as well.

Read reviews and ratings from other users to understand the app’s legitimacy and functionality. Pay attention to negative reviews mentioning malware or suspicious behaviour. Be cautious of apps requesting excessive permissions that are unnecessary for their function. For example, a flashlight app shouldn’t need access to your contacts.
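As an added illustration of the permission check described above (example code, not part of the article or Group-IB’s research): the script parses an Android manifest and flags permissions that go beyond what the app’s stated purpose needs. The manifest is constructed, and the per-app baselines are assumptions.

```python
# Added example: flag Android manifest permissions that exceed what an app's
# stated purpose needs. The manifest below is constructed for illustration;
# the per-app-kind baselines are assumptions, not Group-IB's analysis.
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# What each kind of app plausibly needs (assumed baselines).
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},  # the torch is driven via the camera API
    "pension_portal": {"android.permission.INTERNET"},
}

# Permissions that enable the capabilities the article attributes to GoldPickaxe.
HIGH_RISK = {
    "android.permission.RECEIVE_SMS": "intercept SMS one-time codes",
    "android.permission.READ_SMS": "read stored SMS",
    "android.permission.CAMERA": "capture the user's face",
    "android.permission.READ_EXTERNAL_STORAGE": "steal photos and documents",
    "android.permission.READ_MEDIA_IMAGES": "steal photos",
}

# Constructed manifest for a supposed "pension portal" app.
CONSTRUCTED_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.pension">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""


def declared_permissions(manifest_xml: str) -> set[str]:
    """Return every <uses-permission android:name=...> declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}


def excess_permissions(manifest_xml: str, app_kind: str) -> dict[str, str]:
    """Map each permission beyond the baseline to the capability it would grant."""
    extra = declared_permissions(manifest_xml) - EXPECTED[app_kind]
    return {p: HIGH_RISK.get(p, "not needed for this kind of app") for p in sorted(extra)}


if __name__ == "__main__":
    for perm, why in excess_permissions(CONSTRUCTED_MANIFEST, "pension_portal").items():
        print(f"{perm}: {why}")
```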

For an extra layer of protection, using one of the best antivirus apps, such as Norton 360, will help identify and remove any malware that makes it to your smartphone. You can also try using free tools such as NordVPN’s Link Checker and Norton Genie, an AI-driven scam detector.

For a better look at how to keep malicious software at bay on your phone, check out our malware on iPhone and malware on Android guides.

Darragh Murphy
Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from the mischievous world of online security to washing machines designed for earbuds. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for laptops into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. When he's not checking out the latest devices and all things tech, he can be found swimming laps, watching terrible shark movies, and trying to find time to game.  Previous Editor at Laptop Mag and News Editor at Time Out Dubai, specialising in food culture, nightlife events, gaming, tech and entertainment.
