A Chinese-speaking threat actor known as GoldFactory has emerged as a significant developer of sophisticated mobile banking trojans. Its arsenal includes a previously undocumented iOS trojan named GoldPickaxe, which harvests sensitive personal data from victims: scans of identity documents, video of the victim's face recorded for use against facial-recognition checks, and intercepted SMS messages.
GoldPickaxe and GoldDigger: Targeting iOS and Android Platforms
According to a detailed report from Singapore-based Group-IB, GoldFactory operates as a well-organized cybercrime group with strong ties to Gigabud, targeting users primarily in the Asia-Pacific region, notably Thailand and Vietnam. The group targets both iOS and Android, and it relies on social engineering campaigns rather than software exploits to get its malware onto victims' devices.
The iOS variant of GoldPickaxe is distributed in a way that is unusual for iOS malware: through Apple's TestFlight beta-distribution platform, and through malicious URLs that lure victims into installing a Mobile Device Management (MDM) profile. Enrolling a phone in an attacker-controlled MDM gives the operator extensive control over it, including the ability to push apps and configuration to the device outside the App Store; the victim has to approve the profile installation and the enrollment, which is exactly what the social-engineering lure is designed to obtain. The Android variant is instead delivered through smishing and phishing messages, often disguised as communications from local banks or government agencies, that lead unsuspecting users to install the malicious app themselves.
The most alarming capability of GoldPickaxe is aimed at the facial-recognition confirmation that banks in the region require for larger transactions. The malware does not break Face ID or extract biometric templates from the device; instead, a fake application coerces the victim into recording a video of their own face. That footage can then be used to produce deepfake video of the victim, which the operators can present in place of a live face when a bank asks for facial confirmation of a fraudulent transfer, so a control intended to stop account takeover becomes material the attacker collects.
GoldDigger, the group's Android trojan, has a broader feature set than the iOS malware, since Android grants apps capabilities that iOS does not, such as the accessibility service and SMS access: it steals banking credentials and intercepts SMS messages. GoldDigger has been observed masquerading as legitimate applications, using more than 20 different disguises to get onto victims' devices.
GoldFactory's operations show how mobile banking malware keeps adapting to new bank controls. Notably, none of the techniques described here relies on a software vulnerability: the group's strength lies in social engineering, in abusing legitimate platform features such as TestFlight, MDM enrollment and the Android accessibility service (which it uses for keylogging), and in fake in-app flows that trick victims into handing over documents, codes and face video.
To reduce exposure to GoldFactory's malware, users should treat unsolicited links and messages with suspicion, especially ones that claim to come from a bank or government agency and ask them to install something; install apps only from the official app stores, and never install a TestFlight build or an MDM profile at the request of a stranger; and periodically review what is installed and what it is allowed to do. On iOS, an unexpected profile or management entry under Settings > General > VPN & Device Management is a red flag and should be removed. On Android, the list of apps allowed to use the accessibility service (Settings > Accessibility) should contain only apps the user deliberately enabled, because that service is what gives a trojan its keylogging capability.
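The Android accessibility review above can be scripted for fleets of managed or test devices. The following POSIX shell script is an added example written for this article, not code from Group-IB's report or from any GoldFactory sample. It reads the value that `adb shell settings get secure enabled_accessibility_services` returns (a colon-separated list of `package/service` entries) and flags every package that is not on an allowlist; an accessibility-abusing banking trojan has to appear in that list to keylog. The allowlist, the sample value and the package name `com.example.bankupdate` are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the article or the Group-IB report).
# Input: the raw value of the Android secure setting
#   adb shell settings get secure enabled_accessibility_services
# which looks like "pkg/service:pkg/service" or "null" when empty.

# Colon-separated allowlist of packages that may hold accessibility access.
# Constructed for the example; adjust to the apps you actually deploy.
ALLOWLIST="com.android.talkback:com.google.android.marvin.talkback"

# audit_accessibility RAW_VALUE
# Prints "FLAGGED: pkg/service" for every entry whose package is not
# allowlisted. Returns 0 if everything is allowlisted, 1 otherwise.
audit_accessibility() {
    raw=$1
    rc=0
    # "null" or an empty string means no accessibility service is enabled.
    if [ -z "$raw" ] || [ "$raw" = "null" ]; then
        return 0
    fi
    old_ifs=$IFS
    IFS=':'                      # split both the setting and the allowlist on ':'
    for entry in $raw; do
        pkg=${entry%%/*}         # "pkg/service" -> "pkg"
        ok=0
        for allowed in $ALLOWLIST; do
            [ "$pkg" = "$allowed" ] && ok=1
        done
        if [ "$ok" -eq 0 ]; then
            echo "FLAGGED: $entry"
            rc=1
        fi
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample: TalkBack (legitimate) plus a fake "bank update" app
# that has obtained accessibility access, as a GoldDigger-style dropper would.
SAMPLE='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.bankupdate/com.example.bankupdate.AccService'

if audit_accessibility "$SAMPLE"; then
    echo "no unexpected accessibility services"
else
    echo "review and revoke the flagged package(s) above"
fi
```

On a real device, replace `SAMPLE` with `$(adb shell settings get secure enabled_accessibility_services)`; a flagged package that the user does not recognise should be uninstalled, and the account credentials and SMS codes entered while it was enabled treated as compromised.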