GoldPickaxe Mobile Malware Steals Biometrics for Deepfake Creation
A new trojan targeting iOS and Android devices, named GoldPickaxe, uses social engineering tactics to trick victims into scanning their faces and identity documents. According to researchers at Group-IB, this stolen biometric data is then used to create deepfakes and gain unauthorized access to bank accounts.
Importantly, the malware does not intercept Face ID data or exploit vulnerabilities in mobile operating systems. Instead, GoldPickaxe relies on deception and social engineering to convince users to reveal their faces and personal information.
Part of the GoldFactory Threat Arsenal
Researchers report that GoldPickaxe is part of the malicious toolkit of the Chinese hacker group GoldFactory, which is also responsible for threats like GoldDigger, GoldDiggerPlus, and GoldKefu. This group typically targets the Asia-Pacific region, especially Thailand and Vietnam.
How GoldPickaxe Spreads
GoldPickaxe has been active since October 2023 and continues to pose a threat. Victims usually receive phishing emails or messages via the LINE messenger, written in their native language. In these messages, scammers impersonate government officials or agencies and trick users into installing malicious apps. For example, one such app, called Digital Pension, is distributed through websites disguised as the official Google Play Store.