New iOS Trojan Threatens iPhone Devices by Targeting Facial Recognition Data
Group-IB Uncovers iPhone Trojan Targeting Facial Recognition Data
The discovery of a new iOS trojan named GoldDigger has raised concerns among iPhone users, as it marks a departure from the typical threats faced by Apple devices. Unlike most malware that primarily targets Android systems, this aggressive banking trojan is specifically designed to infiltrate iOS devices, posing a significant risk to user security.
Uncovered by cybersecurity firm Group-IB, GoldDigger is part of a broader cluster of banking trojans wreaking havoc across the Asia-Pacific (APAC) region. Initially detected in Vietnam, the trojan has since expanded its reach, posing a threat to users throughout the APAC area.
What sets GoldDigger apart is its ability to pilfer sensitive data, including facial recognition information, identity documents, and intercepted SMS messages, raising alarms about the security of iPhone devices. Despite Apple’s reputation for proactive security measures, the emergence of GoldDigger underscores the evolving landscape of cyber threats targeting iOS users.
The cybersecurity group also claimed that the threat actors behind the GoldDigger malware likely take advantage of face-swapping AI tools to create deepfakes based on the Face ID data. Then, using a combination of identity documents, access to SMS, and Face ID data, the hacker behind the programme can gain access to the victim’s iPhone and their banking apps. The threat actors then make repeated bank transactions to steal the victim’s money. As per Group-IB, this method of monetary theft was previously unseen.
It was reported that the malware was earlier distributed through the TestFlight app, which lets developers beta-test new features before rolling them out, however, it was quickly removed by Apple. Now, it is being spread through a multi-level social engineering technique which involves tricking the victims into installing a Mobile Device Management (MDM) profile.
The trojan is suspected to be connected with an organised Chinese-speaking cybercrime group and is mainly affecting Vietnam and Thailand. There is a possibility that it might spread to other regions as well. The cybersecurity group stated that it has informed Apple about the trojan, and it is likely that the iPhone maker is already in the process of creating a fix.