News & Updates

6516f2c7c4366f6f8ad96523 1709323356144


Stolen iOS users face scans used to break into bank accounts

In a concerning development, Chinese-speaking cybercrime group known as GoldFactory has been identified as the mastermind behind a series of cyber attacks targeting iOS users. The group has been distributing trojanized smartphone apps designed to dupe unsuspecting users into unwittingly compromising their biometric data through face scan theft.


One of the primary methods employed by these cybercriminals is the deceptive practice of tricking users into performing biometric verification checks under false pretenses. By masquerading as legitimate apps or services, GoldFactory is able to coerce users into granting access to their facial recognition data, which is then harvested for malicious purposes.


Of particular concern is the group’s ability to bypass security checks that are typically employed by legitimate banking apps in countries like Vietnam and Thailand. By exploiting vulnerabilities in the app ecosystem, GoldFactory is able to circumvent established security protocols and gain unauthorized access to sensitive user information.


The implications of these cyber attacks are significant, as compromised biometric data can be leveraged for identity theft, fraudulent transactions, and other malicious activities. Moreover, the sophisticated tactics employed by GoldFactory highlight the evolving nature of cybercrime and the need for constant vigilance among smartphone users.


As iOS users become increasingly reliant on biometric authentication methods such as face recognition, it is imperative that they exercise caution when granting permissions to unknown apps and remain vigilant against potential phishing attempts. By staying informed about the latest cyber threats and adopting best practices for online security, users can mitigate the risk of falling victim to face scan theft and other forms of cybercrime.


iOS version of GoldPickaxe targeting users in Thailand


Recent reports have highlighted a concerning cybersecurity threat targeting users in Thailand through the iOS version of GoldPickaxe. The malicious app has been identified masquerading as the Thai government’s official digital pensions app, preying on unsuspecting users and leading to significant financial losses. This sophisticated attack mirrors similar incidents that have been reported in Vietnam, raising alarms about the growing trend of cyber fraud in the region.


Masquerading as the Thai government’s official digital pensions app


The iOS version of GoldPickaxe operates under a deceptive guise, posing as a legitimate application affiliated with the Thai government’s digital pensions services. By impersonating a trusted entity, the app gains access to sensitive information and financial details of users who download it, putting their personal data at serious risk. The malicious actors behind this scheme exploit the reputation of official institutions to deceive individuals and carry out fraudulent activities.


Similar attacks reported in Vietnam


Incidents resembling the GoldPickaxe attack have also been documented in Vietnam, where cybercriminals have targeted users through fraudulent apps and online platforms. These attacks share commonalities in their methods and objectives, indicating a coordinated effort to exploit vulnerabilities in digital systems and compromise user security. The spread of such malicious activities across borders underscores the need for heightened vigilance and improved cybersecurity measures in the region.


Theft of tens of thousands of dollars


As a result of the iOS version of GoldPickaxe’s nefarious activities, victims in Thailand have suffered substantial financial losses, with reports estimating the theft of tens of thousands of dollars from affected users. The covert nature of the attack, coupled with the app’s false association with government services, has made it challenging for individuals to detect the fraud until it is too late. The significant sums stolen highlight the devastating impact of cybercrime on unsuspecting individuals and underscore the urgency of combatting such threats effectively.


Sophistication of GoldPickaxe.iOS


The GoldPickaxe.iOS Trojan represents a new level of sophistication in cyber threats, particularly on the iOS platform. This insidious malware is equipped with a range of advanced functionalities that enable it to carry out nefarious activities with alarming ease.


  • Collecting victims’ biometric data: One of the most concerning capabilities of GoldPickaxe.iOS is its ability to harvest biometric data from unsuspecting victims. This includes fingerprint scans and facial recognition information, posing a grave privacy risk.
  • ID documents: In addition to biometric data, the Trojan is designed to intercept and steal ID documents stored on the infected device. This could lead to identity theft and further exploitation of personal information.
  • Intercepting SMS: GoldPickaxe.iOS also has the ability to intercept SMS messages, potentially gaining access to sensitive information such as authentication codes or confidential communication between the victim and others.
  • Proxying traffic: Furthermore, the Trojan can proxy network traffic, allowing the threat actors behind it to monitor and manipulate communications between the device and external servers. This opens up possibilities for various malicious activities.


The alarming aspect of GoldPickaxe.iOS is that it marks the first instance of such a sophisticated Trojan being observed on iOS devices by security researchers at Group-IB. While iOS has long been considered more secure than other operating systems, this discovery highlights the evolving nature of cyber threats targeting Apple’s ecosystem.


Moreover, while GoldPickaxe.iOS is a significant threat to iOS users, its Android counterpart boasts even more functionalities. This stark contrast can be attributed to the tighter restrictions imposed by Apple on app developers, making it more challenging for malicious actors to deploy complex malware on iOS devices.


Overall, the emergence of GoldPickaxe.iOS serves as a stark reminder of the importance of staying vigilant against evolving cyber threats and taking proactive measures to safeguard personal data and devices.


Methods used to target iOS devices


When it comes to targeting iOS devices, hackers and cybercriminals have devised various sophisticated methods to infiltrate these secure systems. Understanding the tactics they employ is crucial in safeguarding your devices and data.


Abuse of Apple’s TestFlight platform


One common method used to target iOS devices is the abuse of Apple’s TestFlight platform. TestFlight is designed for developers to distribute beta versions of their apps for testing purposes. However, cybercriminals have exploited this platform by uploading malicious apps disguised as legitimate ones. Unsuspecting users who download these apps expose their devices to various risks, including data theft and malware installation.


Social engineering to enroll devices in an MDM program


Social engineering is another tactic employed to target iOS devices. Cybercriminals use manipulation and deception to trick users into enrolling their devices in a Mobile Device Management (MDM) program controlled by the hackers. Once enrolled, the hackers gain extensive control over the device, enabling them to access sensitive information, track user activity, and deploy malicious software without the user’s knowledge.


Impersonating government authorities on the LINE messaging app


Impersonating government authorities on messaging apps like LINE is a cunning method used to target iOS devices. Hackers pose as law enforcement or government officials and send convincing messages to users, claiming that their devices are compromised and instructing them to click on a link for further instructions. Once the link is accessed, malware is installed on the device, granting the hackers unauthorized access and compromising the user’s privacy and security.


Being aware of these tactics and maintaining a vigilant attitude towards unsolicited messages, suspicious links, and unauthorized app downloads is essential in protecting your iOS device from potential threats.


Application of Deepfake Technology


Deepfake technology, once a concept of science fiction, has now become a concerning reality in our modern digital age. The malicious application of deepfake technology has raised significant cybersecurity and privacy concerns, especially in the realm of identity theft and financial fraud.


Generating Models of Victims’ Faces


One of the alarming uses of deepfake technology involves generating models of victims’ faces using stolen biometric scans. This unethical practice allows malicious actors to create highly realistic digital replicas of individuals without their consent or knowledge. These fabricated models can then be used to impersonate victims in various online scenarios.


Breaking into Victims’ Banks


Using these deepfake models, along with stolen identity documents and intercepted SMS messages, cybercriminals can orchestrate sophisticated schemes to break into victims’ bank accounts. By leveraging the power of AI-generated impersonations, fraudsters can deceive security protocols and gain unauthorized access to sensitive financial information.


Reminder of Mature Technology for Real-World Attacks


It is crucial to understand that deepfake technology is no longer confined to experimental projects or theoretical discussions. The technology has advanced to a point where it can be effectively weaponized for real-world attacks. As a result, individuals and organizations must remain vigilant and implement robust cybersecurity measures to protect themselves against the misuse of deepfake technology.


Ultimately, the widespread adoption of deepfake technology underscores the importance of promoting digital literacy, enhancing cybersecurity protocols, and fostering a culture of critical thinking in the face of evolving technological threats.


Evolution of Gold malware family


The Gold malware family has seen significant evolution over the years, with each iteration introducing new features and capabilities. One of the latest additions to this family is GoldPickaxe, a trojan developed by GoldFactory that combines advanced functionalities with malicious intent.


Before GoldPickaxe, the Gold malware family included variants like GoldDigger, GoldDiggerPlus, and GoldKefu, each designed with unique primary goals in mind. These previous iterations laid the groundwork for the sophistication seen in GoldPickaxe.


One of the key highlights of GoldPickaxe is its sophisticated functionality, which includes the ability to facilitate real-time video and voice calls. This feature allows the malware to not only infiltrate a system but also actively monitor and potentially record audio and visual data, posing a significant threat to user privacy and security.


The evolution of the Gold malware family showcases the adaptability and innovation of cybercriminals in creating increasingly advanced and potent threats. As technology advances, so too does the complexity of malware, making it essential for users to stay vigilant and employ robust cybersecurity measures to protect against such threats.


Conclusion and Need for Proactive Cybersecurity


Cybersecurity is a dynamic battlefield where cybercriminals are constantly evolving their tactics to exploit vulnerabilities. The digital landscape is fraught with threats that can compromise sensitive information and disrupt operations. In such a volatile environment, the proactive stance is crucial for safeguarding against cyber attacks and ensuring data security.


It is essential to adopt a multi-faceted approach to cybersecurity that encompasses not only state-of-the-art technologies but also comprehensive strategies and user awareness. With the ever-changing nature of cyber threats, organizations must stay ahead of the curve by continuously updating their defense mechanisms.


User education plays a pivotal role in enhancing cybersecurity. Employees and individuals need to be adequately trained to recognize potential risks such as phishing scams and social engineering tactics. By empowering users with knowledge, organizations can create a human firewall that strengthens overall security posture.


Modern security approaches integrate advanced technologies such as artificial intelligence, machine learning, and behavioral analytics to detect and mitigate threats in real-time. These tools provide organizations with the ability to identify anomalies and respond swiftly to potential breaches.



In conclusion, proactive cybersecurity is indispensable in today’s digital age. To combat the relentless evolution of cybercriminal tactics, organizations need to adopt a multi-faceted approach that includes user education and modern security technologies.

Managed Detection and Response

MDR is a managed security service that provides 24/7 threat detection and response, expert-led threat hunting, and incident response capabilities.

Compliance and Governance

Developing a custom Risk Management and Compliance strategy can be extremely complicated. CISS has the experience to effectively get you on the right path.

Emergency Incident Response Team

CISS has a Incedent Response team to help mitigate issues 24/7 and 365. CISS can take immediate action to secure your network.

Professional IT Services

CISS can assist in developing automation and workflows that keep compliance at the forefront. Delivering many of the routine operations and processes while freeing your team.

Vulnerability Scans and Penetration Testing

MDR is a managed security service that provides 24/7 threat detection and response, expert-led threat hunting, and incident response capabilities

Privilege Access Management / SSO

CISS has a comprehensive suite of curated solutions to manage access to all your organizations' information securely and documented for Compliance.

Cloud Security and Services

From offsite backup solutions to complete security management of virtually any cloud platforms or service such as Microsoft, Amazon, Google, and Salesforce.

Endpoint Security / NDR / XDR

CISS offers a full suite of protections starting with endpoint security for your devices, NDR (Network, Detect, and Response) and XDR (Extended Detection and Response)