A new form of mobile malware named "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. Recently uncovered by cyber security investigators, GoldPickaxe exists in both Android and iOS versions and was developed by a suspected Chinese hacking group called "GoldFactory." The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.
See: https://redskyalliance.org/xindustry/how-to-spot-a-deepfake-it-s-easy
The hackers rely heavily on social engineering tactics to distribute the malware. This includes sending phishing messages posing as government agencies or local banks to convince victims to click on links leading to fake apps infected with the malware. For iOS devices, the hackers convinced targets to install bogus Mobile Device Management (MDM) profiles that provided full control over devices to deploy the malware. Android users were directed to fake app store pages to download infected apps.[1]
Once installed, GoldPickaxe can harvest facial scans and identity documents, intercept text messages, and more. It's believed the biometric data is used to produce deepfake videos of victims. Combined with stolen credentials, these deepfakes let hackers bypass facial recognition protections on financial apps. GoldPickaxe is part of a suite of mobile banking trojans attributed to GoldFactory, including variants like GoldDigger and GoldDiggerPlus. These malware strains exhibit sophisticated capabilities, including abusing Android accessibility services for keylogging, deploying phishing pages, and voice/video calling features.
Experts warn that biometric authentication alone is not foolproof. As Sectigo's Jason Soroko commented, "Biometric authentication should rarely be used as a sole form of authentication... your fingerprints, your face, and your voice are not secrets." Researchers pointed out that "using malware and deepfakes to bypass biometric security is a newer and less common tactic, showing innovation among cybercriminals." The report and expert viewpoints highlight that a multifaceted security strategy is essential. Biometrics alone will fade as an authentication method, being replaced by multi-factor authentication (MFA).
Education on verifying app downloads, MFA, advanced threat detection, encrypted communications, and tighter mobile device management controls can all contribute to protecting users. As threats continue to evolve, AI-enabled defenses will likely play an elevated role as well.
As experts warn that biometric authentication alone is vulnerable, individuals and organizations must take a layered security approach. Maintaining vigilance against emerging attack vectors in the mobile landscape is also necessary to protect sensitive user data and financial information.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Call for assistance. For questions, comments, a demo or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
Reporting: https://www.redskyalliance.org/
Website: https://www.redskyalliance.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5993554863383553632
[1] https://www.secureworld.io/industry-news/mobile-malware-deepfakes-biometric-authentication
Comments