The first-ever iOS malware has the ability to steal bank accounts by obtaining facial recognition data.

The Southeast Asian "GoldPickaxe" malware is designed to collect facial recognition data, most likely because the region's banks and government organizations have implemented biometric scans.

GoldPickaxe is an iOS Trojan that targets users in Thailand and potentially Vietnam. It is believed to steal facial recognition data used by Southeast Asian banks and government organizations. Group-IB, a cybersecurity group based in Singapore, discovered the Trojan.

“To exploit the stolen biometric data, the threat actor utilizes AI face-swapping services to create deepfakes by replacing their faces with those of the victims,” Group-IB says in the report. “This method could be used by cybercriminals to gain unauthorized access to the victim’s banking account—a new fraud technique, previously unseen by Group-IB researchers.”

GoldPickaxe poses as Thai government service apps and asks users to submit to a facial scan. The malware does not spread through iOS vulnerabilities or approved app stores. It is thought to originate from GoldFactory, a Chinese hacker outfit that previously spread Trojans posing as Vietnamese banking software. All malware variants contained Chinese debugging strings.

Via PCMag.com