• This new malware can literally steal your face to use in fraud A

    From TechnologyDaily@1337:1/100 to All on Fri Feb 16 17:30:05 2024
    This new malware can literally steal your face to use in fraud Android and iOS devices both affected, so be on your guard

    Date:
    Fri, 16 Feb 2024 17:14:16 +0000

    Description:
    Chinese hackers are stealing biometric data to create deepfakes to log into people's banking apps.

    FULL STORY ======================================================================

    Cybersecurity researchers have discovered a new mobile trojan that literally looks to steal peoples faces to hack into theiraccounts.

    The GoldPickaxe trojan steals biometric data and uses it to generate convincing deepfakes which can then be used to break into mobile banking applications, a report from Group-IB says.

    GoldPickaxe is available for both Android and iOS, although for the latter,
    it has fewer features due to the closed nature of the iOS. Still, the existence of the iOS version marks a rare occasion of malware targeting
    Apples mobile operating system, the researchers said. Thailand and Vietnam at risk

    Besides stealing facial recognition data, GoldPickaxe also steals identity documents and intercepts SMS messages, getting more than enough information
    to break into mobile banking applications. The final step - actually logging into the banking app and withdrawing funds - is not being done on the targets devices. Instead, the crooks are installing banking apps on their own devices and logging in from there, Thai police confirmed to the researchers.

    The experts believe the group behind the trojan is most likely GoldFactory, a Chinese-speaking threat actor thats known for building GoldDigger, GoldDiggerPlus, and GoldKefu, all banking trojans.

    In this instance, GoldFactory is targeting people in the Asia-Pacific region, with those in Thailand and Vietnam being most at risk.

    To get the malware to work, the victim still needs to grant it relevant permissions. Hence, the attackers are impersonating local banks, and government organizations, and are engaged in a multi-stage social engineering scheme to manipulate victims into granting all the necessary permissions.
    They are not exploiting any vulnerabilities in either Android or iOS to install the malware - its all just social engineering.

    We dont know exactly how many people are affected by this campaign, or how much money the hackers managed to steal with the malware. More from TechRadar Pro Hackers are increasingly using ad tools and marketing gimmicks to sell their work Here's a list of the best firewalls around today These are the
    best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-new-malware-can-literally-steal-yo ur-face-to-use-in-fraud-android-and-ios-devices-both-affected-so-be-on-your-gu ard


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)