One of the biggest USPs of the Apple ecosystem in general, is the security, being a relatively closed-off environment. It’s perhaps why several people choose to buy an iPhone, rather than an Android smartphone.
That said, iPhones are not entirely impervious to cybercrime either. Proving that theory is a new trojan, dubbed GoldPickaxe.ios, which is said to use users’ Face ID data to hack into their bank accounts.
GoldPickaxe.ios: How it works
According to Group-IB, a cybersecurity firm, GoldPickaxe.ios, once installed on an iPhone can hack into their bank accounts, via the net banking applications installed on their phones. How it does this, is by intercepting texts on the phone, and identifying official documents from the bank, if any are stored on the device.
That’s not the most worrying bit, however. GoldPickax.ios is also capable of stealing the biometric data of the users, to create AI deepfakes and impersonate them, to access their bank accounts.
ALSO READ: AMOS: How this malware steals data from your macOS computers
Now, as we mentioned before, iPhones are relatively secure against malware and phishing attacks, but not entirely impervious to them. How the hackers behind the trojan got it into the Apple ecosystem was through a malicious app on Apple’s mobile application testing platform – TestFlight. Now, this worked in the beginning. However, Apple soon discovered it and removed the app from the platform.
Hackers then directly reached out to their victims and persuaded them to install a Mobile Device Management (MDM) profile, which they did unsuspectingly. It was through this profile that the trojan was released into their iPhones. For the unaware, MDM is traditionally used by businesses’ network administrators to monitor company-issued phones and laptops.
ALSO READ: Android malware ‘Xamalicious’ targets over 327,000 devices
Now, GoldPickaxe.ios has currently been reported only in Vietnam and Thailand. However, the fact that it hasn’t been intercepted as of yet, neither have the hackers behind it, means it could spread to other countries globally soon.
Which brings us to the next bit. How do you protect your iPhone from being hacked?
GoldPickaxe.ios: How to protect your iPhone against the trojan
Fortunately, Apple is already aware of the trojan and is working on a fix. In the meantime, there are a few additional steps you can take to protect your devices as well.
1. For starters, don’t install any apps from the TestFlight app. This is because unlike the App Store, apps on TestFlight aren’t vetted by Apple.
2. Unless it comes directly from your employer, and you can verify the same, do not install an MDM profile on your iPhone.
ALSO READ: SpyNote: How this trojan can wreak havoc on your Android devices
3. Avoid storing any banking-related texts or documents on your iPhone, unless absolutely required. Additionally, ensure you never have your bank account credentials stored anywhere on the phone.
4. Regularly run scans on your iPhone to check for any malware that may have entered the device. For this, you can use software such as Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9. Though they are antivirus software meant for MacBooks and iMacs, they can also scan your iPhone or iPad, when connected to a Mac via a USB cable.
It is a good idea to ensure you take all possible steps to protect your device at all times, to ensure your data remains secure.
Unleash your inner geek with Croma Unboxed
Subscribe now to stay ahead with the latest articles and updates
You are almost there
Enter your details to subscribe
Happiness unboxed!
Thank you for subscribing to our blog.
Disclaimer: This post as well as the layout and design on this website are protected under Indian intellectual property laws, including the Copyright Act, 1957 and the Trade Marks Act, 1999 and is the property of Infiniti Retail Limited (Croma). Using, copying (in full or in part), adapting or altering this post or any other material from Croma’s website is expressly prohibited without prior written permission from Croma. For permission to use the content on the Croma’s website, please connect on contactunboxed@croma.com
- Related articles
- Popular articles
Atreya Raghavan
Comments