Learn about the emergence of a banking Trojan malware that targets biometric information, including facial scans, and the need for enhanced security measures. Discover tips to protect yourself from biometrics scams.
The Rise of Face-Stealing Trojan Malware
( Credit to: Technology )
As technology advances, cyber threats become more sophisticated. It is crucial for users to safeguard their personal data. Discover the emergence of a banking Trojan malware that targets biometric information, including facial scans, and the need for enhanced security measures.
( Credit to: Technology )
The latest alarming development in cybersecurity is the rise of a Trojan malware called GoldPickaxe.iOS. This deceptive malware tricks users into divulging their personal identification and phone numbers, as well as conducting face scans. By disguising itself as a legitimate app, it gains access to comprehensive facial biometric profiles and ID card photos. Hackers also acquire victims' banking information, enabling unauthorized access to their accounts.
Group-IB's investigation reveals the involvement of a threat actor known as 'GoldFactory.' This Chinese-speaking actor developed an intricate social engineering scheme to manipulate victims into granting permissions necessary for the malware to function. The malware installs a Mobile Device Management (MDM) profile, granting hackers access to intrusive features such as remote wipe, device tracking, and application management.
The Intentions Behind the Scam
( Credit to: Technology )
GoldPickaxe.iOS doesn't directly steal money from victims' devices, but it gathers essential information to create video deepfakes and gain access to banking data. While no instances of cybercriminals using this data to open bank accounts have been documented, there are reports of cybercriminals using banking apps on Android devices to gain unauthorized access to victims' accounts.
Protecting Your Biometric Data
Given the potential spread of this scam beyond Thailand, it is crucial to remain vigilant and adopt preventive measures. Here are some tips to protect yourself from biometrics scams:
- Be cautious of individuals claiming to be government officials. Disconnect and try calling back immediately. If you cannot reach them or they do not answer, it is likely a scam.
- Avoid clicking on links received via text messages or apps like LINE.
- Do not accept friend requests from strangers on LINE. Instead, contact them first via phone call or social media.
- Only download apps from trusted sources such as Google Play and the App Store. Avoid installing apps from random websites, links, or QR codes.
- Only perform face scans for legitimate banking websites or apps.
- Check your iPhone's settings menu to verify if any unauthorized settings profiles are installed.
- Prior to installing any app, review its permissions, especially when it requests accessibility service.
- If you receive a bank alert, contact your bank directly rather than responding through the alert message.
Conclusion
The discovery of the world's first banking Trojan malware targeting biometric information serves as a wake-up call for individuals to take proactive steps in protecting their personal data. By following the recommended precautions and staying informed about the latest cybersecurity risks, users can better safeguard their biometric information and mitigate the risks associated with face-stealing Trojan malware.
