Security researchers say they are tracking a new Apple iOS Trojan designed to give criminals access to victims’ bank accounts.
Cybersecurity firm Group-IB says the Trojan was deployed by a Chinese cybercrime group and is collecting a trove of sensitive data from affected users, Security Week reports.
The malicious code can collect facial profiles, sensitive documents and text messages, which are then used to log into victims’ bank accounts.
Researchers say the hackers, who have modified the Trojan multiple times, are currently using it to target iPhone users in Thailand.
“The iOS malware, disguised as a Thai government application, was initially installed on devices by abusing TestFlight, an Apple developer tool designed to test applications before they are released on the official app store…
The iOS version of the GoldPickaxe malware can collect photos from the infected iPhone’s library, collect text messages, capture the victim’s face, and proxies network traffic through the infected device. She can also instruct the victim to provide a photo of his identity card.”
A number of banks in Thailand are using facial recognition checks, and researchers say the hackers are combining stolen facial data with AI to create convincing deepfakes.
Group-IB also says the Trojan may be active in Vietnam, where a recent news report described a malware attack with similar characteristics.
Don’t miss a beat – Subscribe to receive email alerts straight to your inbox
Check price action
follow us on TweetFacebook and Telegram
Surf to the Daily Hodl mix
Generated image: Midjourney