GoldFactory, a Chinese-speaking threat actor, has emerged as a significant player in the development of advanced banking trojans. What's dangerous about this group is that it uses deepfakes to deceive the victims.
Among its creations is GoldPickaxe, a previously unknown iOS malware capable of stealing sensitive data such as identity documents and intercepting SMS messages.
Goldfactory Is Notorious For Its Android Banking Malware
Deepfakes are already dangerous since they can mislead people, but when paired with a banking trojan, things just get worse for the side of the victims.
GoldPickaxe targets both iOS and Android platforms, demonstrating the group's versatility. GoldFactory is also behind other notable malware variants, including GoldDigger and its enhanced version, GoldDiggerPlus, as well as GoldKefu, a trojan embedded within GoldDiggerPlus.
Related Article: AI Deepfake Brings Back Indonesia's Dead Dictator for Upcoming Elections
Distribution Tactics
The group employs social engineering tactics to distribute the malware, particularly targeting the Asia-Pacific region. Victims receive phishing messages and are directed to download malicious apps disguised as legitimate banking or government applications.
These apps are often hosted on counterfeit websites or fake corporate pages to deceive users.
"The GoldPickaxe family is available for both iOS and Android platforms. GoldFactory is believed to be a well-organized Chinese-speaking cybercrime group with close connections to Gigabud," Singapore-headquartered Group-IB said.
iOS Distribution Scheme
GoldPickaxe for iOS utilizes a unique distribution scheme, leveraging Apple's TestFlight platform and booby-trapped URLs.
What's more, users are prompted to download a Mobile Device Management (MDM) profile, granting complete control over their devices and allowing the installation of the rogue app.
Android Accessibility Abuse
According to The Hackers News, GoldDigger, the Android counterpart, exploits Android's accessibility services to log keystrokes and extract on-screen content. It impersonates various applications from Thailand's government and financial sector to steal login credentials.
Evolution and Adaptation
The malware continues to evolve, with GoldFactory constantly upgrading its tools and tactics. New variants like GoldDiggerPlus integrate additional features, such as the Agora Software Development Kit (SDK), to facilitate voice and video calls, enhancing the deception.
How to Mitigate Risks Brought By GoldFactory
To mitigate the risks posed by GoldFactory's malware, users are advised to avoid clicking on suspicious links, refrain from installing apps from untrusted sources, and regularly review app permissions. Financial institutions must also enhance their security measures to counter these evolving threats effectively.
GoldFactory's emergence highlights the persistent threat posed by mobile banking malware. With its sophisticated tactics and constantly evolving toolset, the group poses a significant challenge to cybersecurity. Vigilance and proactive measures are essential to safeguard against such threats in an increasingly digital world.
With deepfakes all over the place, it will not come as a surprise if they will be an assistive tool for the hackers to carry out their attacks.
Speaking of deepfakes, Canon, Nikon, and other camera companies look to put an end to fake digital signatures by suppressing the emergence of deepfakes.
Read Also: Dozens of YouTube Channels Post AI Fake News About Black Celebrities
