First trojan stealing facial recognition data
In October 2023, Group-IB researchers released a report about a
previously unknown Android Trojan specifically targeting more than 50
financial institutions in Vietnam. Group-IB's Threat Intelligence unit
has been constantly monitoring this evolving threat and unearthed an
entire cluster of aggressive banking Trojans actively targeting the
Asia-Pacific region. The cluster includes a sophisticated mobile Trojan
specifically aimed at iOS users, dubbed GoldPickaxe.iOS by Group-IB.
GoldPickaxe, which includes versions for iOS and Android, is based on
the GoldDigger Android Trojan and features regular updates designed to
enhance its capabilities and evade detection. This Trojan is capable of
collecting facial recognition data and identity documents and of
intercepting SMS. To exploit the stolen biometric data, the threat actor
utilizes AI-driven face-swapping services to create deepfakes. This
data, combined with ID documents and the ability to intercept SMS,
enables cybercriminals to gain unauthorized access to the victim's
banking account - a new technique of monetary theft, previously unseen
by Group-IB researchers in other fraud schemes.
GoldDigger: the classic Android banking Trojan that abuses Accessibility Service and grants cybercriminals control over the device.
GoldDiggerPlus: also Android malware, which extends the functionality of GoldDigger.
GoldKefun: an embedded Trojan inside GoldDiggerPlus that contains web fakes and enables voice calls to be made to victims in real time.
GoldActivity: the Android APK where one finds the Trojan is called "GoldDigger".
GoldFactory: the Trojan is part of a set of cyber threats developed by a group known as GoldFactory. This group, which is believed to speak Chinese, has created a banking malware suite that includes several Trojans (GoldPickaxe, GoldDigger, GoldDiggerPlus and GoldKefun).