First ever iPhone trojan virus has been discovered, and it’s vicious

  • Researchers in Asia have discovered a virus designed and aimed at iOS users, an “exceptionally rare occurrence.”
  • Called “GoldPickaxe.iOS”, the Trojan can steal biometric information so that threat actors can access your bank account apps.
  • Luckily for South African iPhone users, the virus and victims of it are mostly concentrated in Thailand and Vietnam.

Since its inception, one of the allures of owning an iPhone has been that the device is generally immune to computer viruses, because the only apps users can download come from the official App Store and have to go through a strenuous vetting process.

Now it seems this may no longer be the case, according to a report from cybersecurity researchers at Group-IB. The researchers found an “exceptionally rare occurrence” – a new sophisticated mobile Trojan specifically designed for and aimed at iPhone users through iOS. The researchers are calling the virus GoldPickaxe.iOS.

A Trojan is a type of virus that rests in your phone and looks like an ordinary app or programme but, when activated by the unaware user, unleashes malware across your system. These types of viruses are named after the famous Trojan horse from the Iliad.

Group-IB found the virus while monitoring evolving threats in the Asia-Pacific region. They found a cluster of aggressive banking Trojans, among which was GoldPickaxe.iOS. The virus was apparently spun off from a banking Trojan that only affected Android phones.

Making matters worse are the capabilities of GoldPickaxe.iOS. The researchers say that it is “capable of collecting facial recognition data, identity documents, and intercepting SMS.” They say that threat actors will use this data to make deepfakes to trick victims. They can also exploit the biometric data to access private apps in an attack vector as yet unseen, according to the study.

“This data combined with ID documents and the ability to intercept SMS, enables cybercriminals to gain unauthorized access to the victim’s banking account – a new technique of monetary theft, previously unseen by Group-IB researchers in other fraud schemes,” Group-IB explains.

Threat actors are managing to distribute the Trojan through a complex multi-stage social engineering scheme, where they convince users to download and install a Mobile Device Management (MDM) profile. “This allows the threat actor to gain complete control over the victim’s device,” they explain. These MDMs are usually implemented through a third-party product and allow the administration of multiple mobile devices at once.

Luckily for South African users, it seems that the threat actors distributing the virus and the victims are concentrated in the Asia-Pacific region, with current evidence pointing to concentrations in Vietnam and Thailand. However, it is always a good idea to be extra careful not to install any unknown apps or programmes on your device.

[Image – Photo by Bagus Hernawan on Unsplash]

