Security company Group-IB has discovered a new Trojan for iOS called GoldPickaxe.iOS. It has the capacity to steal facial recognition data, ID cards, SMS and other information that can be used to hack victims’ bank accounts. reports Tom’s Hardware portal.
It is stated that the Trojan belongs to the GoldDigger family, which was originally developed for Android. GoldPickaxe.iOS was initially distributed through the TestFlight service, where beta versions of applications are tested before being released to the App Store. Shortly after the app was removed from the Apple service, scammers began distributing it through an MDM profile used to manage and configure corporate devices.
Now scammers are convincing users to install a malicious profile that allows them to download a Trojan, bypassing the App Store. After that, attackers can access all the victims’ data.
According to Group-IB, the majority of the Trojan’s victims are in Vietnam and Thailand, but users in other countries may also be affected. Experts have already informed Apple about the detected problem.
Russians before warned About fraud using a banking app update.