ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

New Malware 'GoldPickaxe' Is Stealing People's Faces To Create Deepfakes For Bank Fraud

The attacks specifically target the Asia-Pacific region but they can spread to other regions as well.
PUBLISHED FEB 16, 2024
Cover Image Source: Output of an Artificial Intelligence system | Getty Images | Photo by Smith Collection
Cover Image Source: Output of an Artificial Intelligence system | Getty Images | Photo by Smith Collection

A new malware is circulating on Android and iOS devices that is capable of stealing victims' faces and biometric data to generate deepfakes and gain unauthorized bank access or to steal identity or files. The trojan called "GoldPickaxe" was discovered by a software company called Group IB. While the company's Threat Intelligence team noted that the attacks specifically target the Asia-Pacific region, with victims in Thailand and Vietnam, the malware is projected to spread across the globe.

A 3D facial recognition program is demonstrated during the Biometrics 2004 exhibition | Getty Images | Photo by Ian Waldie
A 3D facial recognition program is demonstrated during the Biometrics 2004 exhibition | Getty Images | Photo by Ian Waldie

The distribution of the "Gold Pickaxe" trojan is thought to have commenced around October 2023 and remains ongoing. This activity is linked to the broader GoldFactory campaign, that was initiated in June 2023, with the deployment of another trojan known as "Gold Digger."



 

Once installed onto an Android device, the trojan takes the form of a fake government app. It then operates semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting SMS, asking for ID documents, and proxying network traffic through the infected device.

On iOS devices, however, the malware establishes a web socket and carries out various commands. These include sending device information, requesting the victim to take an image of their ID card, requesting a video of their face, displaying a bogus "device in use" message, accessing a photo library, and more.

However, as per the Android version, the trojan performs more malicious activities using over 20 different bogus apps as cover. Apple, on the other hand, has higher security restrictions, limiting the trojan’s operation.

Pexels | Tara Winstead
Pexels | Photo by Tara Winstead

In the scam, victims are approached through phishing or smishing messages written in their native language on the LINE app. These messages impersonate government authorities or services. The scammers then attempt to trick the victims into installing fraudulent apps disguised as "Digital Pension" apps, hosted on websites impersonating Google Play. The malware gains access to the victim’s device and can carry out criminal operations.

For instance, a victim in Hanoi, Vietnam, received a call from a person claiming to be a government official, according to a local news report. The imposter then asked the man to integrate an identification code at home and download fake Public Service software. The man went on to execute the app’s instructions, including scanning the camera to identify the face. The next day, he discovered that the stock account he had installed on his phone had lost control, and about 3 billion VND (approximately $122,424) in the account was transferred elsewhere.

Representative image Jack Ma presenting a new facial recognition feature of the Alibaba portal | Getty Images | Photo by Sean Gallup
Jack Ma presenting a new facial recognition feature | Getty Images | Photo by Sean Gallup

According to Group IB, the application uses the stolen biometric data for AI face-swapping services to create deepfakes of the victims. This allows the scammers to autonomously access the victim’s banking application as facial recognition is actively used by Thai financial organizations for verification.

Group-IB attributes the fraud to the highly sophisticated Chinese-speaking threat group, "GoldFactory" as debugging strings found in the malware variants included prompts in the Chinese language. GoldFactory, also responsible for developing other malware strains such as "GoldDigger," "GoldDiggerPlus," and "GoldKefu," uses various tactics, including impersonation, creating and using fake banking websites, using fake bank alerts, using fake call screens, and more. Reportedly, the group has separate development and operator groups dedicated to specific regions.



 

Group-IB researchers also found similarities between Goldfactory’s malware and "Gigabud," a disruptive banking trojan operating in Thailand, Vietnam, and some countries in Latin America. However, there is not enough evidence to attribute the development of Gigabud to GoldFactory yet. However, suspicions of it being involved in distribution remain.

MORE ON MARKET REALIST
According to the expert, personal letters and a signature from Tolkien himself added to the value of the book.
7 hours ago
Chistina and Katie Currie won over $88,000 in cash and two exotic vacations with their stunning performance.
8 hours ago
After everyone backed out, the billionaire Shark stepped up to help the founder of Diaper Dust.
1 day ago
Sun kept repeating the incorrect phrase but couldn't identify the error in time.
1 day ago
After almost closing a deal with Mr Wonderful, the founder of 'Simply Good Jars' pivoted hard.
1 day ago
The host thought it was the "worst possible answer" to give even as the team felt it was good enough.
2 days ago
Adding to the controversy, the owner of Dr. Mudd's lapdesk asked Harrison for $100,000.
2 days ago
With just milliseconds to spare, Sarah LaPilusa pulled off an incredible Bonus Round win.
2 days ago
Ozark Trail 64 oz Water Bottles were recalled after the lids of faulty bottles forcefully ejected.
3 days ago
The player laughed and giggled her way through the puzzles to win prizes worth over $57,000.
3 days ago
Scott Riccardi placed an unbelievable wager during Final Jeopardy! to win a massive amount in a day!
3 days ago
The guest got a 200% return on investment on her sculpture that she bought from Macy's.
3 days ago
Jennings had a record-setting winning streak as a contestant before he became the host.
4 days ago
The player, Ron Wheeler, tragically got no clues after his letter picks for the final puzzle.
4 days ago
The former kids champion, Skyler Hornback knew what was coming.
4 days ago
The fans took issue with the clue being too tough and unnecessary for the contestants.
5 days ago
Cuban wanted to strike a deal with the founder of Coconut Girl and gave her an ultimatum.
5 days ago
Although the word did make a lot of difference, some fans felt that the decision was ridiculous.
5 days ago
The guest, who found the item online, didn't think it was the real deal until he heard its value.
6 days ago
The player Samantha secured the first big win of Ryan Seacrest's run on the show.
6 days ago