New Malware Alert: “GoldPickaxe” Targets iOS and Android Users!

Case Background

On February 15, 2024, cybersecurity firm Group-IB uncovered a sinister threat: the GoldPickaxe malware. GoldPickaxe preys on unsuspecting iOS users, using a blend of social engineering and deepfake technology. It has both iOS and Android versions, with current impact primarily in Vietnam and Thailand.

GoldPickaxe does not steal funds from users' bank accounts directly. Instead, it collects sensitive information such as facial information, ID documents, and bank cards, and intercepts mobile phone text messages. The stolen facial information is then used to create deepfakes (fake videos of the victim) and to log in directly to the victim's bank account to steal money.

The iOS version of "GoldPickaxe" is spread through Apple's TestFlight or by socially engineering victims into installing MDM configuration files; the Android version of "GoldPickaxe" is spread through mobile phone text messages, emails, phishing websites and Android app markets.
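Because the iOS route depends on the victim installing an MDM configuration file, a profile can be inspected before it is trusted. The following is an added example, not code from Group-IB or AISecurius: it parses a `.mobileconfig` file and reports any MDM enrollment payload and the server the device would be managed by. The sample profile and its URL are constructed for illustration.

```python
import plistlib

MDM_PAYLOAD_TYPE = "com.apple.mdm"  # Apple's payload type for MDM enrollment


def load_profile(raw: bytes):
    """Parse a .mobileconfig; returns (profile_dict, wrapped).

    A signed profile is a CMS envelope around the XML plist. This sketch
    carves the XML out for inspection and does NOT verify the signature.
    """
    wrapped = not raw.lstrip().startswith((b"<?xml", b"<plist", b"bplist00"))
    if wrapped:
        start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
        if start == -1 or end == -1:
            raise ValueError("no plist found inside profile")
        raw = raw[start:end + len(b"</plist>")]
    return plistlib.loads(raw), wrapped


def find_mdm_payloads(raw: bytes) -> list:
    """Return one finding per MDM enrollment payload in the profile."""
    profile, wrapped = load_profile(raw)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if isinstance(payload, dict) and payload.get("PayloadType") == MDM_PAYLOAD_TYPE:
            findings.append({
                "profile_name": profile.get("PayloadDisplayName"),
                "server_url": payload.get("ServerURL"),
                "access_rights": payload.get("AccessRights"),
                "wrapped": wrapped,
            })
    return findings


def sample_profile(payload_type: str) -> bytes:
    """Constructed sample profile (not taken from any real campaign)."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Constructed sample",
        "PayloadContent": [{
            "PayloadType": payload_type,
            "ServerURL": "https://mdm.example.invalid/server",
            "AccessRights": 8191,
        }],
    })


if __name__ == "__main__":
    for finding in find_mdm_payloads(sample_profile(MDM_PAYLOAD_TYPE)):
        print(finding)
```

Any finding on a personal device that is not enrolled by the owner's employer or school deserves a closer look at who operates the listed server.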

In addition, a new variant called "GoldDiggerPlus" can display forged alerts and fake customer service. When the victim clicks the contact customer service button on the fake alert, the malware will try to find a free carrier to call. It's as if the cybercriminals are running a real customer service center.

Solutions

1) Apps Hardening:
Implement AISecurius App Hardening to safeguard against threats like memory injection, debugging, and log leakage; Protect sensitive data and files using 7 types of encryption; Detect vulnerabilities in existing apps and apply targeted fixes; Ensure code integrity and prevent data leaks.

2) Real-Time Monitoring:
AISecurius helps to monitor mobile app behavior, terminal devices, and operating environment; Establish a robust security system for early warning and risk tracing.

3) Financial Apps Security:
Leverage AISecurius Business Security Perception and Defense Platform to defend against theft risks in real time.
