this post was submitted on 16 Feb 2024
73 points (75.9% liked)


First ever iOS trojan discovered — and it’s stealing Face ID data to break into bank accounts

The GoldDigger trojan has been ported to iOS and is now being used to harvest facial recognition data to break into iPhone owners’ bank accounts.

[–] DocMcStuffin@lemmy.world 58 points 7 months ago* (last edited 7 months ago)

Tom's Guide has shit reporting. This was the same site that repeated the bogus DDoS smart toothbrushes story. And they're at it again with more sensationalism.

From something more reputable:

The use of the victims' faces for bank fraud is an assumption by Group-IB, also corroborated by the Thai police, based on the fact that many financial institutes added biometric checks last year for transactions above a certain amount.

It is essential to clarify that while GoldPickaxe can steal images from iOS and Android phones showing the victim's face and trick the users into disclosing their face on video through social engineering, the malware does not hijack Face ID data or exploit any vulnerability on the two mobile OSes.

More from BleepingComputer:

A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.

Now, don't get me wrong, you should take malware and social engineering attacks seriously. But get your information from sites that do real security journalism.

[–] reddig33@lemmy.world 53 points 7 months ago* (last edited 7 months ago)

It’s not stealing anything because Apple revoked the developer certificate for this app.

It also required the user to “sideload” the app as part of device management enrollment. Not something the average user would be doing.

[–] Ghostalmedia@lemmy.world 15 points 7 months ago* (last edited 6 months ago)

If you have to con someone into installing an MDM profile, it’s probably just easier to con them into handing over their credit card info.

Also, this is not the first time a Trojan hit iOS. It is rare, but it has happened before. Example: https://en.wikipedia.org/wiki/XcodeGhost