This iOS Malware Is Stealing Face ID Data: What Is It, How to Protect Your iPhone

The infamous GoldDigger trojan from Android has been ported to iOS.

Highlights
  • The first-ever iOS trojan has been discovered and is stealing Face ID and banking data.
  • Miscreants have ported the infamous GoldDigger trojan from Android to iOS.
  • GoldDigger is a dangerous banking trojan family, which has been developed by GoldFactory.

While Apple’s tightly controlled ecosystem is meant to keep malware from slipping through the cracks, a recent report by Group-IB may prove worrisome. The first iOS trojan has been discovered, and it is designed to steal the Face ID data of iOS users in order to commit banking fraud. Here is everything you need to know about the GoldDigger trojan attacking iOS devices and how to protect your iPhone from it.

What Is the GoldDigger Trojan Affecting iOS Users?

According to the Group-IB report, the GoldDigger trojan has been ported from Android to iOS. The malware is called GoldDigger because of the term GoldActivity found in its APK. Group-IB has now identified a new, more sophisticated version of the trojan called GoldPickaxe that is aimed at iOS users, as well as a more advanced Android version called GoldDiggerPlus, which allows the attackers to call victims in real time from infected devices.

The newer version of the malware is designed to receive regular updates that improve its ability to evade detection, which makes it even more dangerous. GoldPickaxe is built to steal facial recognition data and identity documents and to intercept SMS messages. The collected biometric data can then be used to create deepfakes with an AI face-swapping feature, which the attackers use to commit banking fraud and siphon money from victims’ bank accounts.

The malware, developed by GoldFactory, was first discovered in October in Vietnam and is currently affecting users in Vietnam and Thailand. However, the report suggests that once the malware has proven effective, it is only a matter of time before the trojan arrives in other parts of the world as well.

How Does the GoldDigger Trojan Work?

The cybercriminals initially distributed the malicious app through TestFlight, Apple’s beta-testing platform. Apple was quick to recognise the malicious app and remove it.

Now the attackers are abusing Mobile Device Management (MDM), the mechanism corporations and businesses use to manage company devices. They persuade unsuspecting iOS users to install an MDM profile that delivers the trojan to their iPhones, which gives the attackers remote control over the device.
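An MDM profile is just an XML plist (.mobileconfig), so it can be inspected before it is installed. The check below is an added example written for this article, not code from the Group-IB report: it parses a profile, flags any MDM enrollment payload whose management server is not on a caller-supplied allowlist, and flags payloads that install a new root certificate. The sample profile, the host names and the allowlist are constructed for illustration.

```python
"""Inspect an Apple configuration profile (.mobileconfig) before installing it.

Added example for this article (not from the Group-IB report). It flags
MDM enrollment payloads pointing at servers outside a known-good allowlist,
plus payloads that add a trusted root certificate.
"""
import plistlib
from urllib.parse import urlparse

# Payload types worth a second look on a phone that also runs banking apps:
# "com.apple.mdm" enrolls the device under remote management;
# "com.apple.security.root" installs a new trusted root CA.
HIGH_RISK_PAYLOADS = {"com.apple.mdm", "com.apple.security.root"}


def inspect_profile(profile_bytes: bytes, trusted_hosts: set[str]) -> list[str]:
    """Return human-readable findings for every high-risk payload in the profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype not in HIGH_RISK_PAYLOADS:
            continue
        if ptype == "com.apple.mdm":
            # ServerURL is the endpoint the device will take commands from.
            host = urlparse(payload.get("ServerURL", "")).hostname or "<missing>"
            verdict = "trusted" if host in trusted_hosts else "UNTRUSTED"
            findings.append(f"MDM enrollment to {host} ({verdict}); "
                            f"AccessRights={payload.get('AccessRights')}")
        else:
            name = payload.get("PayloadDisplayName", "<unnamed>")
            findings.append(f"installs a root CA certificate: {name}")
    return findings


# Constructed sample: an enrollment profile pointing at an unknown host and
# requesting a broad AccessRights bitmask (value chosen for illustration).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadType</key><string>Configuration</string>
<key>PayloadDisplayName</key><string>Device Support</string>
<key>PayloadContent</key><array>
<dict>
<key>PayloadType</key><string>com.apple.mdm</string>
<key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
<key>AccessRights</key><integer>8191</integer>
</dict>
</array></dict></plist>"""

if __name__ == "__main__":
    # "mdm.corp.example" stands in for your employer's real MDM host.
    for line in inspect_profile(SAMPLE_PROFILE, {"mdm.corp.example"}):
        print(line)
```

A profile that enrolls the phone with a server you do not recognise, or that adds a root certificate, is exactly the kind of profile this article warns against installing.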

How to Protect Your iPhone Against the GoldDigger Trojan

According to the report, Apple is already aware of the trojan and is working on a fix. In the meantime, there are a couple of ways to keep your device safe. The first and most important tip is to avoid installing apps through TestFlight, or to avoid installing TestFlight on your device altogether.

Secondly, be extremely cautious about installing any MDM profile on your iPhone. If you use a corporate iPhone and for some reason run banking apps on the same device, it is best to enable Lockdown Mode. While this restricts what your iPhone can do, it protects your data against a malicious MDM profile pushed to the device. Here are the steps to enable Lockdown Mode on an iPhone.

  1. Open the Settings app on your device.
  2. Tap on Privacy & Security.
  3. Scroll to Lockdown Mode and turn it on.
  4. Tap on Turn On & Restart.
  5. Enter your passcode.