Deepfakes Deployed In Mobile Banking Malware Attacks

Leading international cyber security company Group-IB, has identified the development of sophisticated banking trojans by Chinese-speaking cyber crime group known as GoldFactory. One of the group’s prominent trojans, GoldPickaxe, is capable of harvesting identity documents, facial recognition data, and SMS information on iOS and Android devices.

The threat group has previously targeted Thailand, Vietnam, and other Asia-Pacific nations with social engineering campaigns. This  sophisticated form of mobile malware collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. 

The GoldPickaxe family is available for both iOS and Android platforms and Both these propagation mechanisms were first disclosed by Thailand  CERT  in November 2023.

Active since at least mid-2023, GoldFactory is also responsible for another Android-based banking malware known as GoldDigger, GoldDiggerPlus and GoldKefu. Social engineering campaigns distributing the malware have been found to target the Asia-Pacific region, by masquerading as local banks and government organisations. In these attacks, prospective victims are sent smishing and phishing messages and guided to switch the conversation to instant messaging apps like LINE, before sending bogus URLs that lead to the deployment of GoldPickaxe on the devices.

Some of these malicious apps targeting Android are hosted on counterfeit websites resembling Google Play Store pages or fake corporate websites to complete the installation process.

GoldPickaxe for iOS employs a different distribution scheme, with successive iterations leveraging Apple's TestFlight platform and booby-trapped URLs that prompt users to download an Mobile Device Management (MDM) profile to grant complete control over the iOS devices and install the rogue app.

The first version of GoldDigger, which was first discovered in June 2023 and continue in circulation, has since paved the way for more upgraded variants, including GoldDiggerPlus, which comes embedded with another trojan APK component dubbed GoldKefu, to unleash the malicious actions. GoldDiggerPlus is said to have emerged in September 2023, with GoldKefu impersonating a popular Vietnamese messaging app to extract banking credentials associated with several financial institutions.

Experts warn that biometric authentication alone is vulnerable, individuals and organisations must take a layered security approach. Maintaining vigilance against emerging attack vectors in the mobile landscape is also necessary to protect sensitive user data and financial information.

Group-IB   |   The Hacker News     |     Oodaloop     |     Secure World     |    Facebook     |    MITech News

Image: Allison Saeng

You Might Also Read: 

Mobile Cyber Attacks: The Different Facets Of Smartphone Malware:

DIRECTORY OF SUPPLIERS - Deepfake & Disinformation Detection:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« X Taking Payments From Terrorists
Cyber Criminals Use CAPTCHA To Spread Malware »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

National Institute of Standards & Technology (NIST) - USA

National Institute of Standards & Technology (NIST) - USA

NIST is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Areas covered include IT and cybersecurity.

Cysec - TU Darmstadt

Cysec - TU Darmstadt

CYSEC is the Cybersecurity faculty of the Technical University of Darmstadt and performs internationally renowned research in numerous areas of cybersecurity.

Bird & Bird

Bird & Bird

Bird & Bird is an international law firm with a focus on helping organisations being changed by technology and the digital world. Areas of expertise include cyber security.

Cofrac

Cofrac

Cofrac is the national accreditation body for France. The directory of members provides details of organisations offering certification services for ISO 27001.

Tesserent

Tesserent

Tesserent (formerly Pure Security) is a full-service cybersecurity solutions provider. We partner with clients across Australia and New Zealand in the protection of their digital assets.

Loki Labs

Loki Labs

Loki Labs provides expert cyber security solutions and services, including vulnerability assessments & penetration testing, emergency incident response, and managed security.

SecureWorx

SecureWorx

SecureWorx are a secure multi-cloud MSP, a provider of advanced IT security services and an independent cyber security advisory.

ECHO Project

ECHO Project

The main objective of ECHO is to strengthen the cyber defence of the European Union, enhancing Europe’s technological sovereignty through effective and efficient multi-sector collaboration.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Arista Middle East

Arista Middle East

Arista Middle East is part of Global Arista Technologies specializing in OT Cybersecurity.

AC3

AC3

AC3 is a leading secure cloud services provider, focused on turning your technology challenges into real results.

Texas Cyber Solutions

Texas Cyber Solutions

Texas Cyber Solutions are elite cybersecurity advisors based in Houston, Texas providing network security solutions, penetration testing, and more.