
This new malware can literally steal your face and use it to scam you – this applies to both Android and iOS devices, so stay alert

Cybersecurity researchers have discovered a new mobile Trojan that captures victims' facial biometric data and uses it to break into their accounts.

According to a report by Group-IB, the GoldPickaxe trojan harvests facial biometric data from the victim's phone. The operators then use that data to generate convincing deepfakes, which can be used to pass the facial-recognition checks that protect mobile banking applications.

GoldPickaxe exists for both Android and iOS, although the iOS version has fewer capabilities because of the more locked-down nature of Apple's platform. The researchers noted that the existence of an iOS build at all is notable, since malware targeting Apple's mobile operating system remains rare.

Thailand and Vietnam at risk

Alongside facial-recognition data, GoldPickaxe also steals identity documents and intercepts SMS messages, giving the operators enough material to take over a victim's mobile banking account. The final step, actually logging into the banking app and withdrawing funds, is not performed on the victim's device. Instead, the fraudsters install the banking app on their own devices and log in from there, Thai police confirmed to the researchers.

The researchers believe the group behind the Trojan is most likely GoldFactory, a Chinese-speaking cybercrime group known for creating the GoldDigger, GoldDiggerPlus and GoldKefu banking Trojans.

In this campaign, GoldFactory is targeting people in the Asia-Pacific region, with users in Thailand and Vietnam most at risk.

For the malware to work, the victim must grant it the permissions it needs. Attackers therefore impersonate local banks and government organizations and run a multi-step social engineering campaign designed to walk victims through installing the app and granting every permission it asks for. No security vulnerability in Android or iOS is exploited to install the malware; the whole infection chain relies on social engineering.

It is not known exactly how many people were affected by this campaign or how much money the attackers managed to steal with the malware.
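Because the infection chain described above depends on a sideloaded app being handed SMS and camera access by the victim, one useful triage check on a suspect Android handset is to list which installed packages hold that combination of permissions and where they were installed from. The script below is an added example written for this article and is not code from Group-IB or the original report; it parses text modelled on the layout of `adb shell dumpsys package` output (the `Package [...]`, `installerPackageName=` and `granted=` lines), and the package names and dump excerpt are constructed samples, not indicators from the campaign.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample, trimmed to the fields this script reads and modelled on the
# layout of `adb shell dumpsys package`. Package names are hypothetical.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fakebank] (a1b2c3):
    installerPackageName=null
    requested permissions:
      android.permission.CAMERA
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
  Package [com.example.legitbank] (d4e5f6):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.CAMERA
      android.permission.INTERNET
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
  Package [com.example.messenger] (0a0b0c):
    installerPackageName=com.android.vending
    requested permissions:
      android.permission.RECEIVE_SMS
      android.permission.READ_SMS
    runtime permissions:
      android.permission.RECEIVE_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=false, flags=[ USER_SET ]
"""

SMS_PERMS = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}
CAMERA_PERM = "android.permission.CAMERA"
# com.android.vending is the Google Play Store; anything else counts as sideloaded here.
TRUSTED_INSTALLERS = {"com.android.vending"}


@dataclass
class PackageInfo:
    name: str
    installer: str | None = None          # None when dumpsys reports "null"
    granted: set[str] = field(default_factory=set)


def parse_dumpsys(text: str) -> dict[str, PackageInfo]:
    """Extract installer and *granted* permissions per package from dumpsys-style text."""
    pkgs: dict[str, PackageInfo] = {}
    current: PackageInfo | None = None
    for line in text.splitlines():
        m = re.match(r"\s*Package \[([^\]]+)\]", line)
        if m:
            current = PackageInfo(m.group(1))
            pkgs[current.name] = current
            continue
        if current is None:
            continue
        m = re.match(r"\s*installerPackageName=(\S+)", line)
        if m:
            current.installer = None if m.group(1) == "null" else m.group(1)
            continue
        # Only lines carrying "granted=" describe the actual grant state; entries under
        # "requested permissions:" are what the manifest asks for, not what the user gave.
        m = re.match(r"\s*(android\.permission\.[A-Z_]+): granted=(true|false)", line)
        if m and m.group(2) == "true":
            current.granted.add(m.group(1))
    return pkgs


def flag_suspicious(pkgs: dict[str, PackageInfo],
                    trusted_installers: set[str] = TRUSTED_INSTALLERS) -> list[str]:
    """Return packages installed outside a trusted store that hold SMS plus camera access."""
    findings = []
    for p in pkgs.values():
        sideloaded = p.installer not in trusted_installers
        has_sms = bool(p.granted & SMS_PERMS)
        has_camera = CAMERA_PERM in p.granted
        if sideloaded and has_sms and has_camera:
            findings.append(p.name)
    return sorted(findings)


if __name__ == "__main__":
    for name in flag_suspicious(parse_dumpsys(SAMPLE_DUMPSYS)):
        print("review:", name)
```

On a real device the input would come from `adb shell dumpsys package <pkg>` for each package of interest; the check is a starting point for manual review, not a verdict, since a legitimate sideloaded app can hold the same permissions.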

Edit:

After the article was published, a Google spokesperson contacted us to confirm that Android users are "automatically protected" against this Trojan:

"Android users are automatically protected against known versions of this malware by Google Play Protect, which is enabled by default on Android devices and Google Play Services," the spokesperson told TechRadar Pro. "Google Play Protect can warn users or block apps known to exhibit malicious behavior, even if they come from sources outside Play."
