A cybersecurity firm has revealed that iPhones are being targeted by a rare Trojan called GoldDigger, with the malware being part of a group of aggressive banking Trojans that has affected users in the Asia-Pacific (APAC) region.
The malware family previously spotted affected only Android users, but a new version has now been discovered that specifically targets iOS and steals facial recognition data and other sensitive information from devices. This development is rare given that Apple is known to be proactive in issuing security patches for its operating system.
Cybersecurity firm Group-IB was behind the iOS Trojan discovery, and the group has been tracking it since October 2023, when it first found a new Android malware variant and named it GoldDigger.
The malware was found to be a banking Trojan that steals financial information and targets banking applications, e-wallets and cryptocurrency wallets. It was first spotted in Vietnam but was later identified as part of a family affecting the entire Asia-Pacific region.
In its findings, the group noted that “a new, sophisticated mobile Trojan specifically targeting iOS users, dubbed GoldPickaxe by Group-IB,” was discovered. The malware is capable of stealing facial recognition data and identity documents, and it can even intercept SMS messages.
The cybersecurity group also claimed that the threat actors behind the GoldDigger malware are likely leveraging face-swapping AI tools to create deepfakes based on Face ID data.
Then, using a combination of identity documents, access to SMS messages, and Face ID data, the attacker behind the program gains access to the victim’s iPhone and banking apps. The threat actors then conduct recurring banking transactions to steal the victim’s money. According to Group-IB, this method of stealing money had not been seen before.
The malware was previously reported to have been distributed through the TestFlight app, which allows developers to beta test new features before rolling them out. However, it was quickly removed by Apple, and it is now being spread through a multi-stage social engineering technique that tricks victims into installing a Mobile Device Management (MDM) profile.
The Trojan is suspected to be linked to an organized Chinese-speaking cybercrime group. It is mainly affecting Vietnam and Thailand, though there is a possibility that it could spread to other regions as well. The cybersecurity group stated that it informed Apple about the Trojan, and it is likely that the iPhone manufacturer is already in the process of creating a fix.