Latribunedujellyrodger.com » biometricstitle_li=Cyber ​​Securitytitle_li=digital threattitle_li=iostitle_li=IT securitytitle_li=malwaretitle_li=News » Attention ! Revolutionary iOS Malware Steals Faces to Fake Biometrics Using Artificial Intelligence Swaps!
biometrics,  Cyber ​​Security,  digital threat,  ios,  IT security,  malware,  News

Attention ! Revolutionary iOS Malware Steals Faces to Fake Biometrics Using Artificial Intelligence Swaps!

June 29, 2024 /

New threat: iOS malware steals faces to bypass biometrics with AI exchanges

A group of Chinese hackers has developed a new malware called “GoldPickaxe” that poses a threat to the security of iOS mobile device users. This software uses artificial intelligence exchanges to bypass biometrics and steal faces, personal identifiers and phone numbers. Cybercriminals can then use this information to access victims’ bank accounts.

A sophisticated attack

Group-IB researchers have identified at least one victim of this attack, a Vietnamese citizen who lost approximately $40,000 as a result of this deception. What makes this attack special is the use of deepfakes, manipulated videos that allow the biometric security systems of Southeast Asian banks to be fooled. The malware masquerades as a government application and primarily targets older people. Victims are encouraged to scan their faces, which allows hackers to generate deepfakes from these scans.

The challenge of biometric authentication

This attack highlights the fact that deepfake technologies have reached an advanced level and are capable of bypassing biometric authentication mechanisms. Criminals exploit this weakness and take advantage of the fact that most users are unaware of this threat. According to Andrew Newell, scientific director at iProov, deepfakes are a tool of choice for hackers because they give them incredible power and control.

How hackers bypass Thai banks

The Bank of Thailand has implemented a policy to combat financial fraud by requiring facial recognition for all important customer actions. However, the GoldPickaxe malware quickly bypassed this security measure. This malware, which appeared three months after the bank’s policy was implemented, presents itself as an application called “Digital Pension” used by elderly people to receive their pension in digital format. Victims are encouraged to scan their face, upload their government ID card and submit their phone number. Unlike other banking malware, GoldPickaxe does not operate on top of a real financial application, but instead collects all the necessary information to bypass authentication checks and manually log into victims’ bank accounts.

Fight against biometric banking trojans

Attacks of this type demonstrate the need for rapid evolution in the banking industry to deal with growing threats. Banks must implement more advanced security measures, adapted to new technological challenges. It is recommended that banks implement sophisticated monitoring of user sessions and that customers adopt good security practices, including avoiding clicking on suspicious links, verifying the authenticity of banking communications and promptly contacting their bank in the event of suspected fraud.

Leave a Reply

Your email address will not be published. Required fields are marked *