New virus targeting iOS users in Vietnam, Thailand able to steal biometric data

By Luu Quy   March 29, 2024 | 07:57 pm PT
An iPhone scanning a person's face. Photo by VnExpress/Luu Quy
A Trojan that targets iPhone users in Vietnam and Thailand is capable of stealing login information, including facial recognition data, allowing it to bypass biometrics-based security measures.

GoldPickaxe, considered to be one of the first malicious programs to thrive in the iOS environment, is related to the GoldDigger Trojan that was reported by cybersecurity firm Group-IB last year.

In a warning issued in February, the Vietnamese Ministry of Information and Communications’ Authority of Information Security said a user in Hanoi was tricked into installing a counterfeit public service application.

The software requested a video clip for identity verification, and the next day stocks in the user’s account got sold and billions of dong were sent elsewhere.

Group-IB said the case might be a sign that GoldPickaxe is targeting Vietnamese users.

At a conference on Asian banking and finance held in HCMC in March, several organizations expressed deep concern about GoldPickaxe.

Troy Le, a representative of cybersecurity tool BShield, said the Trojan is dangerous since it thrives on both iOS and Android and is capable of collecting people’s biometric data.

For Thailand, which has successfully applied biometric security measures for major transactions, GoldPickaxe might become a major new challenge, he said.

Hackers first try to get the Trojan installed on people’s devices through social engineering, which refers to the use of deception to manipulate individuals into divulging confidential or personal information.

In the case of the Hanoi victim, they posed as authority figures to get users to install counterfeit applications.

In Thailand, a common method is to claim the Trojan is an application that helps with paying taxes and electricity bills.

On Android devices, the Trojan can be installed via a mere APK file. In the case of iOS, hackers take advantage of Apple’s TestFlight or persuade users to install mobile device management tools to gain control of the device.

Once installed, GoldPickaxe activates functions like blocking SMS filters and Internet access, and demands users verify their identities with personal documents along with video footage.

Data from the video is transferred back to the hacker and becomes material for fraud using deepfake and AI.

Troy Le said the Trojan silently collects users' data, including facial recognition data and IP addresses, to fool services into believing they are interacting with the real user.

"With such data, hackers do not need to perform direct illegal transactions from victims' phones. Instead, they collect all the necessary information to gain access to their banking applications from a different device."

To ward off attacks, the Authority of Information Security recommends that users not provide their personal data or install applications of unclear origin.

However, as methods of attacks constantly change, many people can become victims even if they are vigilant.

As a security developer, Troy Le said banks and financial institutions should be proactive to prevent such risks to their customers.

He said several platforms and services still harbor vulnerabilities, allowing hackers to bypass protection and gain control of victims’ accounts.

"Banking and financial applications are always the first targets for hackers. As such, they need to build themselves protective mechanisms for their customers and their own services."
