GoldDigger: a new threat to iOS users

GoldDigger is a new trojan, observed by cybersecurity company Group-IB, that targets iOS users in order to gain access to their bank accounts.

According to a detailed report published by Group-IB, GoldDigger was initially created for the Android system but has now been successfully ported to iPhone and iPad devices. The company claims it is potentially the first trojan for iOS that can be very dangerous, as it collects facial recognition data, identity documents, and even SMS messages.

Hackers use these data to create deepfakes and gain access to victims’ bank accounts. By the time victims realize what is happening, it may already be too late.

Initially, the trojan was distributed through Apple’s TestFlight – a tool that allows developers to share beta versions of their apps without going through the review process in the App Store. However, after Apple removed it from TestFlight, hackers adopted a more advanced method by utilizing Mobile Device Management (MDM) profiles, primarily used for managing devices in enterprises.

These profiles allow companies to customize and control various aspects of the system according to their needs. Hackers, however, convince users to install a malicious profile so that apps can be downloaded from outside the App Store, which lets them collect all the data they need.

According to the report, GoldDigger primarily targets individuals in Vietnam and Thailand. However, it can also be used to attack users in other parts of the world. Group-IB states that the trojan is in an “active stage of evolution.”

What’s next?

For now, it seems that even the latest versions of iOS and iPadOS are still vulnerable to this trojan. Group-IB has informed Apple about this threat, so the company is likely already working on resolving the issue. For the time being, the best thing you can do to avoid such attacks is to refrain from installing apps from untrusted sources.

More details about the GoldDigger trojan can be found here.

FAQs: GoldDigger Trojan Attacks on iOS Users

1. What is the GoldDigger trojan?
The GoldDigger trojan is a new type of malware discovered by cybersecurity company Group-IB. It targets iOS users in order to gain access to their bank accounts.

2. What data does the GoldDigger trojan collect?
The GoldDigger trojan collects facial recognition data, identity documents, and SMS messages. Hackers utilize this data to create deepfakes and gain unauthorized access to victims’ bank accounts.

3. How is the GoldDigger trojan distributed?
Initially, the trojan was distributed through Apple’s TestFlight tool, which allows developers to share beta versions of their apps. However, after Apple removed it from TestFlight, hackers started using Mobile Device Management (MDM) profiles, which are used for device management in enterprises. They convince users to install a malicious profile to download apps outside the App Store, enabling them to collect the necessary data.

4. Which countries are primarily targeted by the GoldDigger trojan?
According to the Group-IB report, the main targets of the GoldDigger trojan are users in Vietnam and Thailand. However, it can also be used to attack users in other parts of the world.

5. Are the latest versions of iOS and iPadOS vulnerable to the GoldDigger trojan?
Even the latest versions of iOS and iPadOS can still be vulnerable to the GoldDigger trojan. Group-IB has informed Apple about this threat, so the company is likely already working on resolving the issue. However, it is currently recommended to avoid installing apps from untrusted sources.

6. Is there more information available about the GoldDigger trojan?
More details about the GoldDigger trojan can be found here.

The source of this article is the blog enp.gr.