A new threat has emerged in the form of the GoldPickaxe trojan, which has evolved from its predecessor, the GoldDigger Android trojan. Unlike its predecessor, GoldPickaxe is capable of infecting both iOS and Android devices, marking a significant escalation in its capabilities. Initially discovered by security firm Group-IB, the threat has been identified as the world’s first iOS trojan.
Once installed on an iPhone, GoldPickaxe can gather sensitive information, including SMS text messages and biometric data from photos, and can intercept web activity. Moreover, victims may be targeted by malicious actors posing as bank representatives, soliciting personal information such as pictures of ID cards. Utilizing AI-based tools, threat actors can exploit this data to compromise victims’ bank accounts.
Currently, the GoldPickaxe trojan has primarily targeted users in Vietnam and Thailand, masquerading as over 50 financial institution apps. However, Group-IB warns that GoldPickaxe and its predecessors, GoldDigger and GoldKefu, are continuously evolving, indicating a need for heightened vigilance among users.
The distribution methods for GoldPickaxe have evolved as well. While the iPhone trojan was initially distributed through the iOS TestFlight beta testing system, Apple has since taken steps to address this. However, the latest iteration of the trojan is being disseminated through malicious iOS mobile device management (MDM) profiles.
To safeguard against the GoldPickaxe trojan and similar threats, users are advised to take several precautions:
- Refrain from installing iPhone apps through Apple’s TestFlight unless the developer is fully trusted and the app’s legitimacy can be verified.
- Install apps exclusively from the official App Store, and verify the developer’s authenticity whenever possible.
- Exercise caution when installing iPhone MDM profiles, ensuring they originate from a trusted source such as your IT administrator or workplace.
- Avoid sharing personal or sensitive information, including photos and ID cards, through phone calls, video calls, or other communication channels if prompted by unfamiliar parties.
- If there are concerns regarding a financial account, access it directly through the bank or institution’s official website rather than responding to unsolicited calls or clicking links.
- Keep your iPhone up to date with the latest software updates from Apple, including Rapid Security Response updates designed to address emerging threats in between regular releases.
By adhering to these guidelines, users can mitigate the risk posed by the GoldPickaxe trojan and protect their devices and sensitive information from compromise.
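For the MDM-profile precaution above, a help desk or security team can inspect a `.mobileconfig` file before anyone installs it. The following is an added example, not code from the article or from Group-IB: the function names, the sample profile, and the host names are constructed for illustration, and the check only reads the payloads (it does not validate the profile's signature).

```python
import plistlib
from urllib.parse import urlparse

# Constructed sample: an unsigned profile carrying an MDM payload (hypothetical host).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Bank Support Tools</string>
  <key>PayloadOrganization</key><string>Example Bank</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.unknown-host.example/server</string>
      <key>CheckInURL</key><string>https://mdm.unknown-host.example/checkin</string>
    </dict>
  </array>
</dict></plist>"""

def extract_plist(raw):
    """Parse a profile. Signed profiles wrap the XML in a CMS envelope,
    so slice out the embedded property list before parsing."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML property list found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def review_profile(raw, trusted_hosts):
    """Return one finding per MDM server URL whose host is not in trusted_hosts."""
    profile = extract_plist(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        # Only the MDM enrollment payload hands device management to a server.
        if not isinstance(payload, dict) or payload.get("PayloadType") != "com.apple.mdm":
            continue
        for key in ("ServerURL", "CheckInURL"):
            host = (urlparse(payload.get(key, "")).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append(f"MDM {key} points to untrusted host: {host or '<missing>'}")
    return findings

if __name__ == "__main__":
    # "mdm.corp.example" stands in for the organization's real MDM server.
    for finding in review_profile(SAMPLE_PROFILE, {"mdm.corp.example"}):
        print(finding)
```

An empty result means every MDM payload in the profile points at a host on the allowlist; it says nothing about who signed the profile.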