This trojan steals Face ID data on iPhones to hack into your bank accounts

One of the biggest USPs of the Apple ecosystem in general, is the security, being a relatively closed-off environment. It’s perhaps why several people choose to buy an iPhone, rather than an Android smartphone.

That said, iPhones are not entirely impervious to cybercrime either. Proving that theory is a new trojan, dubbed GoldPickaxe.ios, which is said to use users’ Face ID data to hack into their bank accounts.

GoldPickaxe.ios: How it works

According to Group-IB, a cybersecurity firm, GoldPickaxe.ios, once installed on an iPhone can hack into their bank accounts, via the net banking applications installed on their phones. How it does this, is by intercepting texts on the phone, and identifying official documents from the bank, if any are stored on the device.

That’s not the most worrying bit, however. GoldPickax.ios is also capable of stealing the biometric data of the users, to create AI deepfakes and impersonate them, to access their bank accounts.

ALSO READ: AMOS: How this malware steals data from your macOS computers

Now, as we mentioned before, iPhones are relatively secure against malware and phishing attacks, but not entirely impervious to them. How the hackers behind the trojan got it into the Apple ecosystem was through a malicious app on Apple’s mobile application testing platform – TestFlight. Now, this worked in the beginning. However, Apple soon discovered it and removed the app from the platform.

Hackers then directly reached out to their victims and persuaded them to install a Mobile Device Management (MDM) profile, which they did unsuspectingly. It was through this profile that the trojan was released into their iPhones. For the unaware, MDM is traditionally used by businesses’ network administrators to monitor company-issued phones and laptops.

ALSO READ: Android malware ‘Xamalicious’ targets over 327,000 devices

Now, GoldPickaxe.ios has currently been reported only in Vietnam and Thailand. However, the fact that it hasn’t been intercepted as of yet, neither have the hackers behind it, means it could spread to other countries globally soon.

Which brings us to the next bit. How do you protect your iPhone from being hacked?

GoldPickaxe.ios: How to protect your iPhone against the trojan

Fortunately, Apple is already aware of the trojan and is working on a fix. In the meantime, there are a few additional steps you can take to protect your devices as well.

1. For starters, don’t install any apps from the TestFlight app. This is because unlike the App Store, apps on TestFlight aren’t vetted by Apple.

2. Unless it comes directly from your employer, and you can verify the same, do not install an MDM profile on your iPhone.

ALSO READ: SpyNote: How this trojan can wreak havoc on your Android devices

3. Avoid storing any banking-related texts or documents on your iPhone, unless absolutely required. Additionally, ensure you never have your bank account credentials stored anywhere on the phone.

4. Regularly run scans on your iPhone to check for any malware that may have entered the device. For this, you can use software such as Intego Mac Internet Security X9 or Intego Mac Premium Bundle X9. Though they are antivirus software meant for MacBooks and iMacs, they can also scan your iPhone or iPad, when connected to a Mac via a USB cable.

It is a good idea to ensure you take all possible steps to protect your device at all times, to ensure your data remains secure.