iOS users should beware of a growing number of malware and fake mobile apps, including a new Trojan named GoldPickaxe.iOS, which specifically targets iPhone users to collect facial recognition data, steal identity documents, and intercept text messages, according to some experts in the field.
The developer of the Leather cryptocurrency wallet recently warned of a fake version of its genuine app on the App Store, adding that a number of users reported that a wallet drainer stole their digital assets.
Leather confirmed that it has yet to offer an iOS app.
Notably, the fake app has a rating of 4.9 out of 5.0, in addition to many positive reviews on the App Store, leading users to believe that it was an authentic app.
Leather said that all of the positive reviews were fabricated as well.
The presence of the phony app has made many users doubt Apple’s ability to maintain high-quality security standards on the App Store.
In February this year, Group-IB, a Singapore-based creator of cybersecurity technologies to investigate, prevent, and fight digital crime, announced that it detected a new sophisticated mobile Trojan, dubbed GoldPickaxe.iOS, which targeted iOS users to collect facial recognition data, steal identity documents, and intercept text messages.
According to Group-IB, GoldPickaxe does not directly perform unauthorized transactions from the victim’s phone. Instead, it collects from the victim all the information needed to autonomously access their banking app.
Group-IB discovered that GoldPickaxe is capable of requesting the victim to record a facial recognition video and obtaining photos of ID documents.
Cybercriminals can also gather the victim’s mobile phone number to gain unauthorized access to their bank accounts.
Multiple versions of GoldPickaxe have disguised themselves as different official Thai government services to distribute malware to victims’ devices, which is similar to the imitation of legitimate government apps in Vietnam.
Group-IB experts revealed that the Trojan aimed at the Android mobile operating system was found in Vietnam.
Andrey Polovinkin, who works as a malware analyst in the Threat Intelligence team at Group-IB, said that the discovery of a sophisticated iOS Trojan highlights the evolving nature of cyber threats directed toward the Asia-Pacific region.
“In our assessment, it appears imminent that GoldPickaxe will soon reach Vietnam’s shores, while its techniques and functionality will be actively incorporated into malware targeting other regions,” he added.
Vu Ngoc Son, director of technology at the Vietnam National Cyber Security Corporation, told Tuoi Tre (Youth) newspaper that iOS Trojans were previously aimed at people who held important positions or information for political purposes, citing the Pegasus spyware as an example that targeted human rights activists in Saudi Arabia.
Meanwhile, GoldPickaxe focused its efforts on iPhone users in general for banking theft.
Hackers could spread mobile malware through malicious links in text messages and emails. Once the victim clicks on the links, the malware will infect their phone and steal their personal data including photos, videos, SMSes, and emails, Son said.
Cybercriminals also trick phone users into installing new apps containing malware, or they impersonate government authorities to threaten people and lure them into installing fake mobile apps.
Nguyen Minh Duc, CEO of the cybersecurity company CyRadar, advised iOS users to stay alert, even though the occurrence of malware on the iOS operating system is rarer than on Android.
The Authority of Information Safety under the Vietnamese Ministry of Information and Communications cautioned iPhone users about clicking on links received via text messages and urged them to be wary of requests to install software.
Users are advised to thoroughly review the permissions requested when installing a new app.