In a surprising development, the first-ever banking trojan designed to target iPhone users has been identified in the wild. First discovered in October as the Android trojan GoldDigger, the malware has since evolved into a more sophisticated threat named GoldPickaxe. This trojan poses a significant risk to iOS users by not only targeting financial information but also utilizing Face ID data to access bank accounts.
Android Trojan Finds Its Way to iPhones
Despite iPhones being known for their robust security, hackers have managed to modify the GoldDigger trojan, creating GoldPickaxe with versions tailored for both Android and iOS devices. The trojan’s ability to collect facial recognition data, identity documents, and intercepted text messages enables cybercriminals to exploit victims’ bank accounts with alarming efficiency.
As of now, GoldPickaxe is primarily focused on victims in Vietnam and Thailand. However, the potential success of this malware campaign may embolden cybercriminals to expand their operations to target iPhone and Android users in English-speaking countries, including the U.S. and Canada.
Difficulties in Trojan Distribution on iOS
While Android banking trojans commonly propagate through malicious apps and phishing attempts, gaining access to iPhones presents additional hurdles due to the closed nature of Apple’s ecosystem. In the early phases of the campaign, the attackers used Apple’s TestFlight to distribute the GoldPickaxe.IOS trojan. After it was removed from TestFlight, they turned to social engineering to convince victims to install a Mobile Device Management (MDM) profile, which gives the attackers full control over the compromised iPhones.
Group-IB, the cybersecurity company that unearthed GoldPickaxe, credits the creation of both the Android and iOS versions to a single threat actor known as GoldFactory. The trojan’s complexity becomes apparent in its progression: a fresh iteration named GoldDiggerPlus now facilitates real-time calls on compromised devices, underscoring the versatility and adaptability of the attackers.
Apple’s Response and User Protection Tips
While Apple is likely already working on a fix for this emerging threat, users can take additional steps to protect their iPhones. Avoiding the installation of apps through TestFlight and rejecting MDM profile requests from unfamiliar sources are crucial precautions. Although Apple’s restrictions limit the availability of antivirus apps for iOS, users can scan their devices for malware using solutions like Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9, connecting the iPhone to a Mac via a USB cable.
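For anyone who receives a configuration profile (.mobileconfig) file and wants to see whether it would enroll the device in MDM before it is installed, the following added example (not from Group-IB or Apple) parses the profile and reports any MDM enrollment payload whose server is not on an allow-list. The function names, the trusted_hosts allow-list and the sample profile are assumptions constructed for illustration.

```python
import plistlib
from urllib.parse import urlparse

MDM_PAYLOAD_TYPE = "com.apple.mdm"  # payload type of an MDM enrollment payload

def load_profile(raw):
    """Parse a .mobileconfig file into a dict."""
    try:
        return plistlib.loads(raw)  # unsigned profile: plain XML or binary plist
    except Exception:
        # Signed profiles wrap the XML plist in a CMS envelope; it is usually
        # stored contiguously, so cut it out (the signature is NOT verified here).
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no property list found in profile")
        return plistlib.loads(raw[start:end + len(b"</plist>")])

def review_profile(raw, trusted_hosts):
    """Return (reason, detail) findings for MDM enrollment to unapproved servers."""
    profile = load_profile(raw)
    findings = []
    if "EncryptedPayloadContent" in profile:
        findings.append(("encrypted-payload", "contents cannot be inspected"))
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != MDM_PAYLOAD_TYPE:
            continue
        host = (urlparse(str(payload.get("ServerURL", ""))).hostname or "").lower()
        if host not in trusted_hosts:
            findings.append(("untrusted-mdm-server", host or "<missing ServerURL>"))
    return findings

# Constructed sample profile (not taken from the GoldPickaxe campaign).
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Sample Enrollment",
    "PayloadContent": [
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "guest"},
        {"PayloadType": MDM_PAYLOAD_TYPE,
         "ServerURL": "https://mdm.example.invalid/checkin"},
    ],
})

if __name__ == "__main__":
    for reason, detail in review_profile(SAMPLE_PROFILE, {"mdm.corp.example"}):
        print(f"{reason}: {detail}")
```

An empty result only means no MDM payload pointing at an unapproved server was found; it says nothing about the profile's other payloads or who signed it.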
For users at higher risk, enabling Lockdown Mode is a prudent step, even though it may limit the functionality of certain apps. Additionally, considering Apple’s Stolen Device Protection can offer peace of mind in case of physical iPhone theft. It is essential for iPhone users to practice good cyber hygiene, avoid unnecessary risks, and remain vigilant against potential threats.
In conclusion, the emergence of the GoldPickaxe trojan highlights the evolving landscape of cyber threats targeting even the highly secure iOS ecosystem. Users must stay informed about such risks, follow recommended security practices, and be cautious about installing apps or granting permissions to unfamiliar sources. As cybersecurity threats continue to evolve, proactive measures become crucial to safeguard personal information and financial assets in the digital age.