A trojan that is being dubbed GoldPickaxe.iOS is currently active in the wild. The Goldpickaxe trojan, which affects all iOS devices including iPhone and iPad targets users to steal their bank accounts.
What is GoldPickaxe.iOS Trojan?
The GoldPickaxe.iOS trojan, which cybersecurity company Group-IB first revealed can steal targeted user’s facial recognition data, banking information, ID documents, and SMS.
This particular trojan, which is said to be the first-ever trojan on iOS was first developed for Android and has since been ported to iOS to target iPhones and iPads. The Android version of the Trojan is known as GoldDigger Trojan.
Personal information stolen through GoldDigger Trojan becomes dangerous when hackers use it to create deepfakes and access users’ bank accounts.
How do attackers use GoldPickaxe to target iOS devices?
Initially, hackers were spreading the GoldDigger Trojan with the help of Apple’s TestFlight app testing service however since Apple has stopped it, they are now using Mobile Device Management (MDM) profiles to spread this trojan and target users.
Attackers try to make users install malicious MDM profiles on their iOS devices and then download an app from outside the App Store. After the user falls for this trap, they can then collect data from the user’s device.
According to the report by Group-IB right now GoldDigger Trojan has been used to target iOS users in Thailand and Vietnam, however, it can also be used to target users elsewhere.
iOS 17.4 is still vulnerable to GoldDigger Trojan
Apple has recently released iOS 17.4 update that brings more than 40 security fixes for iPhones and iPads. However GoldPickaxe trojan was not one of them, which means iOS devices are still vulnerable to this trojan.
Things you can do to protect yourself from the GoldPickaxe trojan
There are a few things that you can do to stay protected from the GoldPickaxe.iOS trojan. By following these tips your device and banking information can stay protected.
- Avoid installing iPhone Mobile Device Management (MDM) profiles from untrusted sources. Only install the MDM profile that was provided to you by a source that you fully trust. This could be the organization or company you work for, your IT administrator, etc.
- Avoid using Testflight apps from unknown or untrusted developers. Even though Apple has stopped GoldPickaxe’s spread through the TestFlight service, it is still advisable to avoid installing beta apps through TestFlight from developers you don’t know or trust.
- Avoid sharing your personal information including your ID cards, photos, videos, etc with people you don’t trust. The rise in deepfake technology can help hackers create a digital persona of you and use it to gain access to your bank accounts.
- Install the latest version of iOS on your device. As of today iOS 17.4 is the latest available version of iOS.
