GoldPickaxe is malware designed to steal facial data through fake mobile apps and AI-based face-swapping services. In this Befree blog, we explore one of the most sophisticated malware families to have emerged in the field of cybersecurity.
Infiltration of GoldPickaxe: Attack Method
GoldPickaxe infiltrates mobile devices using advanced social engineering techniques. The attack begins with phishing and smishing messages in which cybercriminals persuade victims to move the conversation to messaging apps such as LINE. Once the victim complies, the criminals send deceptive links that install the GoldPickaxe trojan on Android and iOS devices. The trojan can collect facial recognition data, identity credentials, and text messages.
This stolen data is used to create AI-generated fakes, known as deepfakes, which allow the attackers to impersonate victims and steal funds from their bank accounts. Additionally, a more recent variant called GoldDiggerPlus enables attackers to make calls from the compromised device.
Distribution of GoldPickaxe
GoldPickaxe is primarily distributed through two methods:
- Fake websites: Cybercriminals create websites that mimic the Google Play Store, tricking users into downloading malicious apps on Android devices.
- Social engineering and MDM profiles: On iOS devices, attackers use social engineering techniques to install mobile device management (MDM) profiles. These profiles allow hackers to take full control of the infected device.
Once installed, GoldPickaxe prompts victims to record videos of themselves, which are later used to create deepfakes. It also steals identity documents, intercepts SMS messages, and redirects traffic through proxy servers, broadening the scope of the attack.
Impact and Risks of GoldPickaxe
GoldPickaxe poses several significant impacts and risks:
- Financial fraud: Deepfakes created with stolen facial data allow cybercriminals to impersonate victims and conduct unauthorized financial transactions.
- Compromise of bank accounts: The malware intercepts SMS messages and redirects traffic through proxy servers, obtaining the necessary information to access victims’ bank accounts.
- Loss of personal identity: The creation of manipulated videos can lead to personal identity loss, with long-term consequences for victims.
How to Prevent GoldPickaxe
To protect yourself from the GoldPickaxe malware, follow these steps:
- Download apps only from official sources: Avoid installing apps from unofficial websites or through TestFlight unless you fully trust the developer.
- Verify MDM profiles: Do not install mobile device management profiles unless you can verify their legitimacy.
- Keep your device updated: Ensure you always have the latest version of the operating system, as updates often include important security patches.
- Do not share sensitive information: Avoid sharing personal data, photos of identity documents, or banking information through calls, video calls, or messages.
- Be cautious with links and emails: Do not click on suspicious links in emails, WhatsApp messages, or other apps.
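The first prevention step above (install apps only from official stores) can be checked on an Android device rather than taken on trust. The following is an added example written for this post, not code from the original article or from any security vendor: it parses the output of the real `adb shell pm list packages -i` command, which reports each installed package together with the package that installed it, and flags anything whose installer is not the Play Store. The allow-list of trusted installers, the sample output, and the package names in it are constructed assumptions for illustration.

```python
import re
import subprocess
from typing import Dict, List

# Installer package names we treat as an official source. This allow-list is an
# assumption of this example; add the package name of your OEM's store if you use one.
TRUSTED_INSTALLERS = {
    "com.android.vending",  # Google Play Store
}

# Each line of `pm list packages -i` looks like:
#   package:<package name>  installer=<installer package or null>
_LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")

# Constructed sample output, standing in for a real device. The package names are
# invented for this example; "installer=null" means the app was sideloaded without
# any installer being recorded (typical of APKs fetched from a website).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
package:com.sketchy.playstoreclone  installer=null
package:org.example.sideloaded  installer=com.google.android.packageinstaller
"""


def parse_pm_list(output: str) -> Dict[str, str]:
    """Map package name -> installer package from `pm list packages -i` output.

    Lines that do not match the expected shape (e.g. adb warnings) are ignored
    rather than raising, so a noisy transcript still yields a usable result.
    """
    installers: Dict[str, str] = {}
    for line in output.splitlines():
        match = _LINE_RE.match(line.strip())
        if match:
            package, installer = match.groups()
            installers[package] = installer
    return installers


def find_sideloaded(output: str) -> List[str]:
    """Return packages whose installer is not in TRUSTED_INSTALLERS, sorted.

    An installer of "null" or of the generic system package installer both mean the
    app did not come through the store, which is the signal this check looks for.
    """
    installers = parse_pm_list(output)
    return sorted(pkg for pkg, inst in installers.items() if inst not in TRUSTED_INSTALLERS)


def collect_from_device() -> str:
    """Fetch the package list from a USB-connected device via adb (needs adb installed)."""
    result = subprocess.run(
        ["adb", "shell", "pm", "list", "packages", "-i"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Use the constructed sample by default; swap in collect_from_device() for a real device.
    for pkg in find_sideloaded(SAMPLE_PM_OUTPUT):
        print(f"not installed from a trusted store: {pkg}")
```

Anything this script lists deserves a second look: a package that mimics a store-distributed banking app but was installed from "null" is exactly the pattern the fake Play Store sites described above produce. There is no equivalent shell on iOS; there, review installed configuration and MDM profiles manually under Settings > General > VPN & Device Management and remove any you did not knowingly install.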
We have thoroughly analyzed GoldPickaxe, a highly dangerous piece of malware that puts both your identity and your finances at risk. Understanding how it infiltrates devices and spreads, and the risks it poses, is crucial for your protection. By following the preventive measures above, you can significantly reduce the chances of falling victim to such cyberattacks. Stay vigilant and protect your devices to avoid becoming the next target.