Security firm Group-IB has identified a new iOS Trojan, named GoldPickaxe.iOS, designed to steal sensitive data from victims, including biometric facial recognition data, identity documents, SMS messages, and other information that could be exploited to compromise bank accounts. The finding was reported by Tom’s Hardware.
The threat is linked to the GoldDigger family, which originally targeted Android devices. GoldPickaxe.iOS first appeared in the wild through Apple's TestFlight beta testing channel and was later removed from that service. In a new distribution tactic, scammers then turned to mobile device management, using an MDM profile to push the malicious payload directly to iOS devices.
At present, the malicious profile enables the Trojan to be downloaded and installed outside the official App Store. Once installed, it can grant attackers extensive access to the user’s data, potentially facilitating identity theft and unauthorized financial transactions.
Group-IB reports that the majority of affected users are located in Vietnam and Thailand, though individuals in other regions may also be exposed as the campaign expands. Apple has been notified about the detected threat and is reviewing mitigations to protect users.
In a separate but related warning, fraud advisories have highlighted the risks of counterfeit updates to banking apps, emphasizing the need for vigilance when updating financial software and for obtaining apps only from trusted sources. The security community continues to monitor evolving tactics used by attackers, including social engineering, fake profiles, and the abuse of legitimate device management tools to bypass standard app distribution controls.