
GoldPickaxe Malware Harvests Personal and Facial Biometric Data to Scam Victims

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

In a first for iOS devices, security researchers have identified a new banking trojan, dubbed ‘GoldPickaxe,’ that has the ability to create deepfakes using stolen facial biometrics.

Available for both Android and iOS devices, the new malware strain is suspected to belong to ‘GoldFactory,’ a Chinese threat group responsible for ‘GoldDigger’ and ‘GoldKefu’ malware strains. According to researchers at Group-IB, the current targets are mainly victims in the APAC region, particularly Vietnam and Thailand.

Active since October 2023, the malware uses various social engineering techniques, including impersonating government and banking organizations to lure victims into sharing personal information.

According to Thailand Banking Sector CERT (TB-CERT), the threat actors pose as legitimate government agencies or officials to trick victims into installing fraudulent apps.

For instance, trojan-laden Android apps such as ‘Digital Pension,’ promoted via the popular messaging app LINE, are installed via fake corporate or Google Play websites.

The distribution chain for iOS devices is different. There, the cybercriminals leveraged Apple’s TestFlight platform, or lured victims into installing a Mobile Device Management (MDM) profile through fraudulent websites. These tactics and techniques helped the hackers gain control over the targets’ devices.

Once installed, the malware “prompts the victim to record a video as a confirmation method in the fake application. The recorded video is then used as raw material for the creation of deepfake videos facilitated by face-swapping artificial intelligence services,” Group-IB revealed.

Additional capabilities attributed to the malware include intercepting SMS messages and personal data, requesting identity documents, and proxying traffic through the target’s device.

Group-IB researchers believe that facial recognition information is essentially being used to access the victim’s bank account. They also believe that instead of the target’s device, the hackers are using their own devices to commit the fraud. This belief was further corroborated by the Thai police.

In conclusion, the security researchers stated that GoldFactory has “well-defined processes, operational maturity, and demonstrate an increased level of ingenuity. Their ability to simultaneously develop and distribute malware variants tailored to different regions shows a worrying level of sophistication.”


Prudential Financial Discloses a New Data Theft Attack

  • Written by Shipra Sanganeria Cybersecurity & Tech Writer
  • Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor

Prudential Financial reported being the victim of a cybersecurity incident that exposed its employee and contractor data.

The network breach incident is said to have occurred earlier this month, the Fortune 500 company said in a Form 8-K filing with the US Securities and Exchange Commission.

The insurance giant disclosed that the breach was detected on February 5, one day after an unknown threat actor gained access to some of its systems. Upon detection, Prudential, with assistance from external cybersecurity experts, immediately deployed cybersecurity measures to “investigate, contain, and remediate” the breach.

“As of the date of this Report, we believe that the threat actor, who we suspect to be a cybercrime group, accessed Company administrative and user data from certain information technology systems and a small percentage of Company user accounts associated with employees and contractors,” Prudential revealed.

However, it did not disclose the total number of employees or contractors impacted by the incident. The leading global financial services provider currently employs approximately 40,000 people worldwide.

The data breach incident has been reported to the relevant law enforcement and regulatory agencies, Prudential revealed in the filing. Moreover, it’s continuing with the investigation to analyze the full impact of the incident, including any potential compromise of additional data or systems.

Prudential also said that based on its ongoing investigation, it found no evidence of any customer or client data breach.

“As of the date of this Report, the incident has not had a material impact on the Company’s operations, and the Company has not determined the incident is reasonably likely to materially impact the Company’s financial condition or results of operations,” the filing revealed.

Known for its insurance, retirement planning, and other financial products and services, Prudential Financial is one of the leading financial services providers to customers in the US, Europe, Asia, and Latin America.