Criminals Exploiting Smartphone ‘Facial Data’ to Hack Bank Accounts

Li Nguyen

A new malware called ‘GoldPickaxe’ is being used to trick victims into scanning their faces and ID documents to gain unauthorized access to their bank accounts. This malware is linked to a threat group known as ‘GoldFactory’ and primarily targets the Asia-Pacific region. According to Google, Android users are protected against known versions of this malware, but iPhone users are also at risk.

Why This Matters

The ‘GoldPickaxe’ trojan, developed by the Chinese threat group ‘GoldFactory’, uses social engineering schemes to trick users into scanning their faces and ID documents. This malware, part of a suite including ‘GoldDigger,’ ‘GoldDiggerPlus,’ and ‘GoldKefu,’ is causing damage primarily in the Asia-Pacific region, particularly targeting Thailand and Vietnam. The attack begins with phishing messages on the LINE app, impersonating government authorities or services to trick victims into installing fraudulent apps.

Once the malicious app is installed, it operates semi-autonomously, capturing the victim’s face, intercepting incoming SMS, and requesting ID documents. This information is then used by hackers for bank fraud. The Android version of the trojan poses a greater threat due to its use of over 20 bogus apps as cover, in contrast to Apple’s higher security restrictions for iOS.

A Google spokesperson stated that Android users are automatically protected against known versions of this malware by Google Play Protect. This feature can warn users or block apps exhibiting malicious behavior, even if they come from sources outside of Google Play. Therefore, Android users are safeguarded from this particular malware.

t/f Summary: What’s Next

Both iPhone and Android users should remain vigilant and cautious while using their devices, especially when downloading apps or sharing personal information. Working with trusted app stores and keeping their devices up to date with security patches is essential to protect against these types of threats.

Share This Article
Avatar photo
By Li Nguyen “TF Emerging Tech”
Liam ‘Li’ Nguyen is a persona characterized by his deep involvement in the world of emerging technologies and entrepreneurship. With a Master's degree in Computer Science specializing in Artificial Intelligence, Li transitioned from academia to the entrepreneurial world. He co-founded a startup focused on IoT solutions, where he gained invaluable experience in navigating the tech startup ecosystem. His passion lies in exploring and demystifying the latest trends in AI, blockchain, and IoT
Leave a comment