Your biometric data is at risk: beware of this new virus!

A new virus called GoldPickaxe is causing trouble for people using iPhones and Android phones. Security experts from Group-IB found this virus, which steals fingerprints and facial scans. The virus pretends to be an app and tricks people into giving away their personal info, putting them at risk of unauthorized access to their private data, banking accounts, and other personal details.

A new virus named GoldPickaxe which is capable of stealing fingerprints and facial scans, has recently been uncovered by security experts from Group-IB on both iOS and Android platforms. This type of fraudulent activity, involving the theft of biometric data, is unprecedented according to the specialists.

Currently, GoldPickaxe is primarily spreading in Southeast Asia, masquerading as an application related to Thai government services. To infiltrate users' personal information, the virus prompts individuals to take a photo of their ID card and undergo a facial scan. Subsequently, the stolen data is transmitted to the cyber attackers.

The Trojan operates discreetly, utilizing various artificial intelligence models to create convincing deepfake images by morphing the victims' faces. Once armed with this manipulated data, hackers gain unauthorized access to the victims' bank accounts, posing a significant threat to users' financial security.

"GoldPickaxe Trojans for iOS and Android platforms have additional capabilities, such as requesting the victim's ID documents, intercepting SMS, and proxying traffic through the victim's infected device. These functionalities will be detailed in the next section. GoldPickaxe does not directly perform unauthorized transactions from the victim's phone. Instead, it collects all the necessary information from the victim to autonomously access the victim's banking application. Facial recognition is actively used by Thai financial organizations for transaction verification and login authentication. As a result, GoldPickaxe's facial recognition video capture capabilities, combined with the ability to intercept SMS messages and obtain photos of ID documents provide cybercriminals with the opportunity to gain unauthorized access to bank accounts. Nevertheless, we have not observed documented cases of cybercriminals utilizing this stolen data to gain unauthorized access to victims' bank accounts in the wild.", says the analytics report made by Group-IB.

It's worth noting that GoldPickaxe avoids official app marketplaces (like App Store or Google Play Store) and instead relies on third-party services to propagate. The attackers employ deceptive tactics, posing as government officials to convince users to install the malware willingly. Unfortunately, many victims unknowingly comply with these requests, falling prey to the disguised threat.

Group-IB emphasizes that the Android version of GoldPickaxe is more potent, providing hackers with additional capabilities. Despite the investigation, the authors of the virus remain unidentified. However, researchers at Group-IB have discovered debugging strings in Chinese, hinting at possible connections to the origin of the malware.