Beware, iPhone users: First-ever iOS GoldDigger trojan can steal face ID and bank accounts

18comments
Beware, iPhone users: First-ever iOS GoldDigger trojan can steal face ID and bank accounts
Many people choose iPhones instead of Android phones because they think iPhones are more secure. But that might not be the case anymore because there is a new banking trojan out there that is specifically made to attack iPhone users.

As per a detailed report by the cybersecurity company Group-IB (via Tom’s Guide), the Android trojan GoldDigger has now been effectively adapted to target iPhone and iPad users. The company asserts that this might be the first trojan crafted for iOS, posing a significant threat by gathering facial recognition data, ID documents, and even SMS.

Found for the first time last October, the trojan now has a new version called GoldPickaxe, tailor-made for both Android and iOS devices. When it gets into an iPhone or Android phone, GoldPickaxe can gather facial recognition data, ID documents, and intercepted text messages, all aimed at making it simpler to grab funds from banking and other financial apps. To add to the trouble, this biometric data is used to craft AI deepfakes, allowing attackers to impersonate victims and get into their bank accounts.

It is important to mention that right now, the GoldPickaxe trojan is focusing on victims in Vietnam and Thailand. Yet, as seen in other malware schemes, if this one hits the jackpot, the cybercriminals running it might broaden their reach to target both iPhone and Android users in the US, Europe, and the rest of the world.

Android banking trojans are usually spread through dodgy apps and phishing schemes. Getting a trojan onto an iPhone is trickier because Apple's ecosystem is more closed off compared to Google's. However, as hackers tend to do, they've figured out a way.

Initially, the trojan was spread through Apple’s TestFlight, a platform allowing developers to release beta app versions without the App Store’s review process. But after Apple took it down from TestFlight, the hackers switched to a more advanced method involving a Mobile Device Management (MDM) profile, typically used for managing enterprise devices.


As per Group-IB, a lone threat actor known as GoldFactory is behind the creation of both versions of the GoldPickaxe banking trojan. Yet, following their initial research, the security researchers at the firm stumbled upon a new variant called GoldDiggerPlus. The "Plus" here means the malware now lets hackers make real-time calls to their victims on an infected device.

Given how profitable a banking trojan like GoldDigger or GoldPickaxe can be — especially when it can target iPhones as well as Android phones — this likely isn’t the last we will hear about this malware or the hackers behind it.

As of now, even the most recent versions of iOS and iPadOS appear to be susceptible to this trojan. Group-IB has notified Apple about the issue, so it's likely that the company is already in the process of developing a fix.

How to keep your iPhone safe?


To safeguard your iPhone from malware, it is crucial to follow some simple steps:

  • Stick to trusted app sources: Avoid installing apps from sources you don’t trust.
  • Avoid TestFlight: Don’t install apps through TestFlight, as this platform isn't vetted like the App Store.
  • Keep your device updated: Install all the latest software updates released by Apple.
  • Practice good cyber hygiene: Be cautious and avoid unnecessary risks while using your device.

By following these steps, you can help protect yourself and your iPhone from hackers and malware threats.
Create a free account and join our vibrant community
Register to enjoy the full PhoneArena experience. Here’s what you get with your PhoneArena account:
  • Access members-only articles
  • Join community discussions
  • Share your own device reviews
  • Build your personal phone library
Register For Free

Recommended Stories

Loading Comments...
FCC OKs Cingular\'s purchase of AT&T Wireless