Gold Pickaxe, the Trojan that steals your face on iPhone and Android


Mélina LOUPIA

February 15, 2024 at 4:01 p.m.


Gold Pickaxe uses facial recognition to infiltrate © Prostock-studio Shutterstock


A new kind of malware: called Gold Pickaxe, this Trojan horse goes after your face to collect your banking data. For now, the attack only concerns countries in Southeast Asia.

Spotted by the cybersecurity company Group-IB, Gold Pickaxe is malware that is rampant on iOS and Android. Its goal is as old as the Internet: to collect and use your personal and banking data. Its method, however, is unprecedented: it targets facial recognition, a system favored by banks and government agencies in Southeast Asian countries, and generates deepfakes of the stolen faces, a kind of content that is increasingly common online. The risk of Gold Pickaxe spreading globally is worrying.

Once upon a time there were fake government officials…

To convince users to authorize access to their bank accounts, there is nothing like posing as a government agent with a threatening tone. In June 2023, the Gold Factory hackers began their dirty work with the Gold Digger campaign.

Victims are ordered to communicate via the Line messaging application and then to download an application, Digital Pension, available for Android via a fake Google Play, or are redirected to a TestFlight URL for iOS. Thinking they are safe, they are unaware that they are infected by the Trojan horse, Gold Pickaxe. The trap then closes on the victims of these cybercriminals, threatened with disclosing some of their personal data if they refuse to comply.

Ultimately, this data is used in the form of deepfakes intended to bypass the verification systems of banking applications and thus log in in place of the victims. We know the rest: the bank accounts are emptied.

A Trojan horse named Gold Pickaxe © Fotolia


A well-organized cybercrime operation, but one that has its limits

Once Gold Pickaxe is on the device, it asks users to scan their identity documents, or even their faces. It goes so far as to intercept text messages or request a selfie video as a confirmation method.

Ironically, Group-IB thinks that “cybercriminals use their own devices to log into bank accounts” and even adds that “Thai police have confirmed this hypothesis, saying that cybercriminals install banking apps on their own Android devices and use captured face scans to bypass facial recognition checks to carry out unauthorized access to victims’ accounts”. Nothing is left to chance.

It also seems that Gold Pickaxe is most autonomous on Android, since the security requirements are more demanding on Apple's platform. On Android, the malware can navigate the file system, download photos, or even send false notifications.

However, Gold Pickaxe does not hijack Face ID data or exploit any vulnerabilities in either OS. Biometric data stored in devices’ secure enclaves is always properly encrypted and completely isolated from running applications. A lesser evil.


Sources: PC Mag, Bleeping Computer, Infosecurity Magazine


