The “GoldFactory” group has released new variants of its “GoldPickaxe” malware, targeting banking users in Southeast Asia. This advanced trojan steals facial recognition data to create deepfakes for bypassing biometric security and is now being distributed via fake government service apps on both Android and iOS.
Business Impact
This malware represents a direct threat to biometric identity verification. By stealing raw facial data, attackers can bypass “liveness” checks used by banking apps and corporate MFA systems, enabling high-value fraud and account takeovers.
Why It Happened
Attackers are using social engineering (fake pension/government apps) to trick users into installing the malware. On iOS, they abuse the TestFlight platform or MDM profiles to bypass App Store security checks.
Recommended Executive Action
Update fraud detection models to look for anomalies in biometric authentication attempts. Educate employees and customers about the risks of installing apps from outside official stores (“sideloading”), especially those claiming to be government tools.
