New iOS And Android Malware Takes Over Your Device And Steals Your Facial Image To Commit Fraud
According to the Feb 15th report by Group-IB, the malware captures the user’s facial image as video and stills and uploads those images, along with PII, to the attackers’ C2 servers. The threat actors have been using a “multi-staged social engineering scheme” to persuade victims to install a Mobile Device Management (MDM) profile that gives them full control of the user’s device. The malware affects both iOS and Android devices.
According to Group-IB, the trojan was found disguising itself as 20 different applications from Thailand’s government, the financial sector, and utility companies, and stealing login credentials for these services.
Approov Mobile Security CEO Ted Miracco offers some thoughts on this malware and the attackers’ approach:
“While the social engineering piece of this attack is common, and stealing facial data isn’t entirely new, the focus on deepfake creation for financial fraud is a concerning and very recent development that wouldn’t have been possible a couple of years ago. This is part of the rapidly evolving threat landscape that is 100% enabled through the use of AI technologies.
“At this time, the GoldPickaxe malware can trick users into generating images and videos from their iOS and Android phones. This is not the same as stealing biometric data that is stored in the device’s secure enclave, which is encrypted and remains secure. This malware is not breaching the Face ID functionality nor breaching either of the two mobile OSes’ security features, so at this time there is no reason to fear widespread attacks, and there is no reason to disable biometric support in the apps and phones that enable it.
“There are several things that can be done to prevent these kinds of attacks. Endpoint detection and response (EDR) and runtime application self-protection (RASP) are solutions specifically designed for mobile devices to detect and respond to malicious activity in real time.
“It’s extremely unlikely that ‘GoldPickaxe’ will slow facial recognition development; however, it serves as a wake-up call for responsible development and implementation of security mechanisms to detect deepfakes and other fraud.”
This is pretty scary, as biometrics have always been thought of as an excellent way to secure your device. Given the existence of this malware, that clearly no longer appears to be the case. And it proves that threat actors will stop at nothing to get what they want.
This entry was posted on February 16, 2024 at 8:10 am and is filed under Commentary with tags Hacked.