Skip to main content

‘GoldDigger’ trojan targets iOS users to steal facial recognition data and bank accounts

Apple constantly updates its operating systems with security patches, which are often exploited by hackers to attack users in many different ways. This time, however, cybersecurity company Group-IB has reported the existence of a new “GoldDigger” trojan that targets iOS users to steal their bank accounts.

GoldDigger trojan can steal sensitive data from iOS users

According to a detailed report by Group-IB (via Tom’s Guide), GoldDigger was first created for Android, but has now been successfully ported to attack iPhone and iPad users. The company claims that this is potentially the first trojan made for iOS, and it can be quite dangerous as it collects facial recognition data, ID documents, and even SMS.

With all this data, hackers use AI-based tools to create deepfakes and gain access to victims’ bank accounts. By the time the victims realize what has happened, it may be too late.

At first, the trojan was distributed through Apple’s TestFlight – which lets developers release beta versions of their apps without going through the App Store’s review process. However, after Apple removed it from TestFlight, the hackers adopted a more sophisticated approach based on a Mobile Device Management (MDM) profile, which is mainly used to manage enterprise devices.

These profiles allow companies to customize and control many aspects of the system according to their needs. But what hackers do is convince users to install the malicious profile in order to download an app from outside the App Store. When this happens, they can collect all the data they need.

According to the report, GoldDigger mainly targets people in Vietnam and Thailand. However, it could also be used to attack users in other parts of the world. Group-IB claims that the trojan is in an “active stage of evolution.”

So what’s next?

At least for now, it seems that even the latest versions of iOS and iPadOS are still vulnerable to this trojan. Group-IB says it has informed Apple about the trojan, so it’s likely that the company is already working on a fix. For now, the best thing you can do to avoid attacks like this is not to install apps from sources you don’t trust.

You can find more details about the GoldDigger trojan here.

Image: Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications