Another threat surfaces online for mobile phone users that targets Android and iOS devices alike. Identified as “Gold Pickaxe,” the new malware is a potent data stealing trojan that typically aims at stealing facial recognition data alongside other sensitive information.
Gold Pickaxe Android Malware Running Active Campaigns
According to a recent Group-IB report, a new malware, “Gold Pickaxe,” is actively targeting Android and iOS users. The malware lures victim users into downloading it via social engineering.
The researchers traced back the malicious campaign to June 2023, when another malware from the same threat actors appeared online. Identified as “GoldDigger,” it seemingly served as a predecessor for the newly identified Gold Pickaxe trojan, targeting Vietnamese banks’ users. It was then followed by GoldDiggerPlus and GoldKefu in September 2023, leading to “Gold Pickaxe,” which appeared online in October 2023.
Regarding the malware functionalities, the researchers explained Gold Pickaxe as a data-stealing trojan aiming at personal/sensitive data. However, what makes it noteworthy is its advanced functionalities and specific aim at victims’ facial recognition data.
First, the previous three malware targeted Android devices, but the latest variant, “Gold Pickaxe,” also targets iOS devices. This enables the malware to target a wider user base globally. Secondly, Gold Pickaxe, alongside stealing other data, also aims at pilfering facial recognition data, biometric data, and identity documents. With these details, the attackers intend to create victim users’ deepfakes to trick banking apps and perform financial frauds. This technique particularly facilitates the attackers in attacking Thai banks where facial scans are commonly applied for safe transactions.
The researchers have shared a detailed technical analysis of this malware in their post. Regarding the threat actors’ identity, the researchers identified them as a Chinese entity, “GoldFactory,” which was also hinted at by the presence of Chinese language in the malware’s C&C servers and debugging strings. They also observed some similarities between the GoldFactory trojans and another banking trojan “Gigabud.” However, they couldn’t establish a specific link between the two.
Let us know your thoughts in the comments.
