A trojan called GoldDigger is stealing sensitive data from iOS users. GoldDigger was created for Android devices but is now a threat to iPhone and iPad users, Group-IB reports. The cybersecurity company claims that this is potentially the first trojan developed for iOS and that it could be quite dangerous, as it steals facial recognition data, identity documents and even SMS messages.
How does it infect Apple devices?
The trojan was initially delivered through Apple's TestFlight app, which allows developers to release beta versions of their apps without going through the App Store's review process. However, Apple recognized it and removed it from TestFlight. Soon after, the hackers took a more sophisticated approach based on Mobile Device Management (MDM) profiles, which are mostly used to manage corporate devices.
These profiles allow companies to customize and control many aspects of the system according to their needs. The hackers convince users to install a malicious profile in order to download the app from outside the App Store. Once that happens, they can collect all the data they need.
Artificial intelligence tools are being used
Once infected, GoldPickaxe is able to collect facial recognition data, identity documents and text messages, all of which make it easier to withdraw money from banking and other financial apps. Worse, this biometric data is then used to create AI deepfake images to impersonate victims and access their bank accounts.
According to the report, GoldDigger has not yet spread worldwide, but Group-IB claims that the trojan is in an active stage of evolution. Even the latest versions of iOS and iPadOS are said to be vulnerable to the trojan. Group-IB says it has informed Apple about the trojan. Presumably Apple will release an update before too long. The best way to protect against such attacks is not to install apps from untrusted sources.
