Beware of the first-ever iOS Trojan! GoldPickaxe targets iPhones to breach bank accounts

The first-ever iOS Trojan, GoldPickaxe, has been found, and it targets Face ID data for bank theft purposes. Learn how cybercriminals breach iPhones, and essential tips to keep your device secure.

Updated on: Feb 16 2024, 22:03 IST
Enhanced security: Apple iOS 17.3 stolen device protection will save your iPhone, download now

  1. Stolen Device Protection Overview: Apple's latest iOS update, version 17.3, introduces Stolen Device Protection, a feature designed to thwart thieves by adding extra security layers. It aims to prevent unauthorized access to key functions and settings, addressing vulnerabilities exploited by iPhone thieves.
  2. Increased Security Measures: Stolen Device Protection tracks users' "familiar locations," requiring additional biometric verifications for certain actions when the device is away from these places. This reduces reliance on easily compromised passcodes, enhancing security with features like Face ID or Touch ID.
  3. Biometric Authentication: The feature ensures that only the rightful owner can erase contents or settings by demanding a Face ID or Touch ID scan. Passcodes or backup methods are not accepted, making it significantly challenging for thieves attempting to wipe the device for resale.
  4. Actions Triggering Protection: Stolen Device Protection activates when users attempt actions like using Keychain passwords, modifying Apple ID settings, turning off Lost Mode, applying for an Apple Card, or setting up a new device. A second layer introduces delays and additional verifications for critical security settings.
  5. Activation Process: To activate Stolen Device Protection, users need to update their iOS, go to settings, and navigate to "Face ID & Passcode" or "Touch ID & Passcode." After entering the passcode, users can find and toggle the Stolen Device Protection setting. Ensure two-factor authentication and Find My device are active for it to appear.
  6. Applicability to iPhone Models: Stolen Device Protection applies to iPhone XS and newer models, including the second- and third-generation iPhone SE models. This feature aims to address the reported surge in phone thefts by making it more challenging for thieves to compromise user accounts and data.
The first-ever iOS trojan, GoldPickaxe, threatens bank accounts by stealing Face ID data on iPhones. (Pexels)

In a groundbreaking development, the realm of iPhone security has been shaken as the first-ever banking Trojan tailored for iOS devices has emerged. Originally known as the Android Trojan GoldDigger, it has now evolved into GoldPickaxe, equipped with advanced features designed to facilitate the unauthorised draining of bank accounts of users with iPhones.

Initially identified in October, this malicious software, capable of infecting both Android and iOS devices, specifically targets iPhone users. Once it infiltrates iPhones, GoldPickaxe harvests facial recognition data, identity documents, and intercepted text messages to streamline the pilfering of funds from various banking and financial applications. Alarmingly, the obtained biometric data is employed to generate AI deepfakes, enabling cybercriminals to impersonate victims and gain access to their bank accounts, TechRadar reported.

Currently, the GoldPickaxe Trojan is confined to targeting victims in Vietnam and Thailand. Nevertheless, the potential success of this campaign could prompt the expansion of operations to include iPhone and Android users in English-speaking countries such as the U.S. and Canada.

Unprecedented Method of Entry: From TestFlight to Mobile Device Management

While infiltrating Android devices often involves malicious apps and phishing tactics, compromising iPhones proves more challenging due to Apple's closed ecosystem. Despite this, the hackers initially managed to exploit Apple's mobile application testing platform, TestFlight, to distribute the GoldPickaxe.IOS Trojan. After its removal from TestFlight, they resorted to social engineering, convincing victims to install a Mobile Device Management (MDM) profile, which provides complete control over the compromised iPhone.

The malware is attributed to a single threat actor named GoldFactory, which is responsible for developing both GoldPickaxe versions. The cybersecurity firm Group-IB has also uncovered a new variant named GoldDiggerPlus. This upgraded malware allows hackers to make real-time calls on infected devices, adding a concerning dimension to the evolving threat.

Secure Your iPhone from Malware Threats

  • Avoid TestFlight: Refrain from installing apps through TestFlight unless necessary, as this process can expose your device to potential threats.
  • MDM Profiles: Only install Mobile Device Management profiles if explicitly requested by your employer for a company-issued iPhone.
  • Malware Scanning: Though Apple restricts antivirus apps on iOS, solutions like Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9 can scan iPhones when connected to a Mac via USB cable.
  • Lockdown Mode: For those at higher risk, consider enabling Lockdown Mode, despite some limitations on app functionality.
  • Stolen Device Protection: Activate Apple's Stolen Device Protection to secure your iPhone in case of theft.
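
For the MDM advice above, one way to inspect a configuration profile (.mobileconfig) file before anyone installs it, as an added example that is not part of the original article. The function names and sample profiles are constructed here, and the `com.apple.mdm` payload type with its `ServerURL`, `CheckInURL` and `AccessRights` keys is Apple's standard MDM payload format, not a detail reported for GoldPickaxe.

```python
import plistlib

MDM_PAYLOAD_TYPE = "com.apple.mdm"  # Apple's payload type for MDM enrollment


def extract_plist(data: bytes) -> bytes:
    """Return the XML plist in a .mobileconfig; signed profiles wrap it in a
    CMS envelope, so search for the markers (best effort)."""
    start, end = data.find(b"<?xml"), data.rfind(b"</plist>")
    if start == -1 or end < start:
        raise ValueError("no XML property list found in profile")
    return data[start:end + len(b"</plist>")]


def audit_profile(data: bytes) -> dict:
    """Summarise a profile and flag any payload that enrolls the device in MDM."""
    profile = plistlib.loads(extract_plist(data))
    raw = profile.get("PayloadContent")
    payloads = [p for p in raw if isinstance(p, dict)] if isinstance(raw, list) else []
    mdm = [
        {"server_url": p.get("ServerURL"),
         "check_in_url": p.get("CheckInURL"),
         "access_rights": p.get("AccessRights")}
        for p in payloads if p.get("PayloadType") == MDM_PAYLOAD_TYPE
    ]
    return {
        "display_name": profile.get("PayloadDisplayName"),
        "payload_types": sorted({str(p.get("PayloadType")) for p in payloads}),
        "requests_mdm": bool(mdm),
        "mdm_payloads": mdm,
    }


def _sample(payload: dict) -> bytes:
    """Build a constructed sample profile around one payload."""
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadDisplayName": "Constructed sample",
                           "PayloadContent": [payload]})


# Constructed inputs for illustration; not taken from any real campaign.
SAMPLE_MDM = _sample({"PayloadType": "com.apple.mdm", "AccessRights": 8191,
                      "ServerURL": "https://mdm.example.invalid/server",
                      "CheckInURL": "https://mdm.example.invalid/checkin"})
SAMPLE_WIFI = _sample({"PayloadType": "com.apple.wifi.managed", "SSID_STR": "ExampleNet"})

if __name__ == "__main__":
    print(audit_profile(SAMPLE_MDM))
```

A result with `requests_mdm` set to true on a personal iPhone is the case the MDM tip says to refuse, whatever display name the profile carries.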

While iPhone malware is now a reality, practising vigilant cyber hygiene and avoiding unnecessary risks will contribute to safeguarding your devices from potential hackers.


First Published Date: 16 Feb, 22:03 IST