New Virus Targeting iOS Users in Vietnam and Thailand Capable of Stealing Biometric Data

A recently identified Trojan virus has emerged as a significant threat to iPhone users in Vietnam and Thailand, posing a serious risk by compromising biometric security measures and stealing sensitive data, including facial recognition information. Named GoldPickaxe, this malicious software represents a concerning development in the realm of iOS cybersecurity, closely linked to the previously reported GoldDigger Trojan by cybersecurity firm Group-IB.

According to a warning issued by the Vietnamese Ministry of Information and Communications’ Authority of Information Security in February, an incident in Hanoi involved a user falling victim to a counterfeit public service application, likely a conduit for the GoldPickaxe Trojan. The unsuspecting user was prompted to provide a video clip for identity verification, only to discover the next day that unauthorized transactions had depleted their account and transferred significant funds elsewhere, highlighting the Trojan's ability to exploit biometric authentication.

Group-IB has suggested that this targeted attack could signify a broader campaign aimed at Vietnamese users. Concerns about GoldPickaxe's capabilities were further underscored at a conference on Asian banking and finance held in HCMC, where cybersecurity experts expressed apprehension about its potential impact.

Troy Le, a representative of cybersecurity tool BShield, emphasized the danger posed by GoldPickaxe, noting its cross-platform threat to both iOS and Android devices and its proficiency in harvesting biometric data. This presents a particularly alarming prospect for Thailand, where biometric security measures are increasingly integrated into major transactions, potentially exacerbating the Trojan's impact.

The modus operandi of hackers involves leveraging social engineering tactics to deceive users into installing counterfeit applications. In the case of the Hanoi victim, the perpetrators masqueraded as legitimate entities to dupe users into downloading malicious software. Similarly, in Thailand, the Trojan has been disseminated under the guise of utility applications, such as those purporting to facilitate tax payments or electricity bill management.

On Android devices, GoldPickaxe can be clandestinely installed through a simple apk file, while on iOS, hackers exploit platforms like Apple’s TestFlight or coerce users into installing mobile device management tools to gain unauthorized access. Once installed, the Trojan assumes control over various device functions, including blocking SMS filters and Internet access, while coercing users into providing personal information and video footage for identity verification.

The harvested data, including facial recognition information and IP addresses, serves as fodder for fraudulent activities, facilitated by deepfake and artificial intelligence technologies. Troy Le cautioned that the insidious nature of the Trojan allows hackers to circumvent direct transactions from victims' devices, instead utilizing stolen information to infiltrate banking applications from alternate devices.

In light of these threats, the Authority of Information Security advises users to exercise caution when sharing personal data or downloading applications from dubious sources. However, the evolving tactics employed by hackers underscore the need for proactive measures from both individuals and financial institutions to mitigate risks. Troy Le stressed the imperative for banks and financial service providers to fortify their defenses against cyber threats, highlighting the persistent vulnerabilities that leave customers susceptible to exploitation.

As cyber threats continue to evolve, bolstering cybersecurity protocols remains paramount to safeguarding sensitive data and preserving the integrity of digital transactions in an increasingly interconnected world.