Fri | Feb 16, 2024 | 6:44 AM PST

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered. It collects facial scans and identity documents from victims, which the attackers are believed to use to produce deepfake videos that bypass facial-recognition checks on banking apps.

Uncovered by cybersecurity firm Group-IB, GoldPickaxe exists in both Android and iOS versions and was developed by a suspected Chinese hacking group called "GoldFactory." The malware has been active since 2023, specifically targeting victims in Vietnam and Thailand.

The hackers rely heavily on social engineering tactics to distribute the malware. This includes sending phishing messages posing as government agencies or local banks to convince victims to click on links leading to fake apps infected with the malware.

For iOS devices, the hackers convinced targets to install bogus Mobile Device Management (MDM) profiles, which gave the attackers extensive control over the device and let them deploy the malware. Android users were directed to fake app store pages to download infected apps.

Once installed, GoldPickaxe can harvest facial scans and identity documents, intercept text messages, and more. It's believed the biometric data is used to produce deepfake videos of victims. Combined with stolen credentials, these deepfakes let hackers bypass facial recognition protections on financial apps.

GoldPickaxe is part of a suite of mobile banking trojans attributed to GoldFactory, alongside variants such as GoldDigger and GoldDiggerPlus. These strains exhibit sophisticated capabilities, including abusing Android accessibility services for keylogging, serving phishing pages, and offering voice and video calling features that can be used to interact with victims directly.
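Because the article notes that these trojans abuse Android accessibility services, one practical triage check is to enumerate which accessibility services are enabled on a device and flag any that belong to packages you do not expect. The following is an added example written for this page, not code from Group-IB or from the article; it parses the value of the secure setting `enabled_accessibility_services` (on a real device obtained with `adb shell settings get secure enabled_accessibility_services`) and compares it against an allowlist of package names. The allowlist contents and the sample setting string are assumptions constructed for illustration.

```python
"""Triage check: flag enabled Android accessibility services whose package is
not on an allowlist. Added example for this article, not Group-IB's or the
article's own code.

On a real device the input string is obtained with:
    adb shell settings get secure enabled_accessibility_services
The value is a colon-separated list of ComponentName strings, one per enabled
service, in the form "package.name/fully.qualified.ServiceClass". The class
part may be abbreviated to ".ServiceClass" relative to the package, and the
command prints the literal word "null" when no service is enabled.
"""

# Assumed allowlist of package names that legitimately run accessibility
# services in this environment (e.g. a screen reader). Adjust per fleet.
ALLOWLIST = {
    "com.google.android.marvin.talkback",
    "com.android.talkback",
}

# Constructed sample output: one legitimate screen reader and one unknown
# "bank" app using the abbreviated ".Class" form. Not a real device capture.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakebank/.OverlayService"
)


def parse_enabled_services(raw):
    """Return a list of (package, fully_qualified_class) tuples.

    Handles the "null" sentinel, empty input, stray whitespace, and the
    abbreviated ".Class" form by expanding it against the package name.
    Entries without a '/' separator are skipped as malformed.
    """
    if raw is None:
        return []
    raw = raw.strip()
    if raw == "" or raw == "null":
        return []
    services = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if "/" not in entry:
            continue
        package, cls = entry.split("/", 1)
        if cls.startswith("."):
            cls = package + cls  # expand relative class name
        services.append((package, cls))
    return services


def flag_unexpected(raw, allowlist=ALLOWLIST):
    """Return normalized "package/class" strings for every enabled service
    whose package is not on the allowlist. An empty list means nothing
    unexpected is bound to accessibility on this device.
    """
    return [
        f"{package}/{cls}"
        for package, cls in parse_enabled_services(raw)
        if package not in allowlist
    ]


if __name__ == "__main__":
    for hit in flag_unexpected(SAMPLE_SETTING):
        print("unexpected accessibility service:", hit)
```

A hit here is a reason to inspect the package (installer source, signing certificate, requested permissions), not proof of compromise; legitimate accessibility tools will also appear until they are added to the allowlist.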

Experts warn that biometric authentication alone is not foolproof. As Sectigo's Jason Soroko commented, "Biometric authentication should rarely be used as a sole form of authentication... your fingerprints, your face, and your voice are not secrets."

Callie Guenther of Critical Start pointed out that "using malware and deepfakes to bypass biometric security is a newer and less common tactic, showing innovation among cybercriminals."

The Group-IB report and expert viewpoints highlight that a multifaceted security strategy is essential. As John Gallagher of Viakoo stated, "Biometrics alone will fade as an authentication method, being replaced by multi-factor authentication (MFA)."

User education on verifying app sources before installing, MFA, advanced threat detection, encrypted communications, and tighter mobile device management controls can all contribute to protecting users. As threats continue to evolve at "AI speed," in the words of Gallagher, AI-enabled defenses will likely play an elevated role as well.

With experts warning that biometric authentication alone is not enough, individuals and organizations must take a layered security approach and stay alert to emerging attack vectors in the mobile landscape to protect sensitive user data and financial information.
