Security researchers have discovered an alarming new iOS Trojan dubbed “GoldPickaxe”. This malware targets users in Southeast Asia, primarily Thailand and possibly Vietnam. Its goal is to steal facial recognition data, likely for exploiting the growing adoption of this technology by banks and government agencies in the region.
GoldPickaxe works by disguising itself as legitimate government apps. It tricks users into taking photos of their ID cards and performing facial scans. The Android version is even more powerful. These Trojans don’t exploit iOS weaknesses; instead, they are installed by the victims themselves after being tricked into granting extensive device permissions.
Experts suspect a Chinese hacking group is behind GoldPickaxe. This malware could be used in conjunction with AI face-swapping to create deepfakes, allowing cybercriminals to bypass facial recognition security and access victims’ bank accounts.