This new malware can literally steal your face to use in fraud — Android and iOS devices both affected, so be on your guard

Chinese hackers are stealing biometric data to create deepfakes

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers have discovered a new mobile trojan that literally looks to steal people’s faces to hack into theiraccounts.

The GoldPickaxe trojan steals biometric data and uses it to generate convincing deepfakes which can then be used to break into mobile banking applications, a report from Group-IB says.

GoldPickaxe is available for both Android and iOS, although for the latter, it has fewer features due to the closed nature of the iOS. Still, the existence of the iOS version marks a rare occasion ofmalwaretargetingApple’s mobileoperating system, the researchers said.

Thailand and Vietnam at risk

Besides stealing facial recognition data, GoldPickaxe also steals identity documents and intercepts SMS messages, getting more than enough information to break into mobile banking applications. The final step - actually logging into the banking app and withdrawing funds - is not being done on the targets’ devices. Instead, the crooks are installing banking apps on their own devices and logging in from there, Thai police confirmed to the researchers.

The experts believe the group behind the trojan is most likely GoldFactory, a Chinese-speaking threat actor that’s known for building GoldDigger, GoldDiggerPlus, and GoldKefu, all banking trojans.

In this instance, GoldFactory is targeting people in the Asia-Pacific region, with those in Thailand and Vietnam being most at risk.

To get the malware to work, the victim still needs to grant it relevant permissions. Hence, the attackers are impersonating local banks, and government organizations, and are engaged in a multi-stage social engineering scheme to manipulate victims into granting all the necessary permissions. They are not exploiting any vulnerabilities in either Android or iOS to install the malware - it’s all just social engineering.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

We don’t know exactly how many people are affected by this campaign, or how much money the hackers managed to steal with the malware.

Edit:

Following the publication of the article, aGooglespokesperson reached out to confirm that Android users are “automatically protected against this trojan:

“Android users are automatically protected against known versions of this malware byGoogle Play Protect, which is on by default on Android devices withGoogle PlayServices,” the spokesperson toldTechRadar Pro. “Google Play Protect can warn users or block apps known to exhibit malicious behavior, even when those apps come from sources outside of Play.”

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

MacBook Air OLED reportedly delayed until at least 2028 – here’s why