IOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps

Southeast Asia is learning the hard way that biometric scans are nearly as easy to bypass as other kinds of authentication data, thanks to a creative banking Trojan.

Chinese hackers have developed a sophisticated banking Trojan for tricking people into giving up their personal IDs, phone numbers, and face scans, which theyre then using to log into those victims bank accounts.
The new malware, GoldPickaxe, was developed by a large (but unidentified) Chinese-language group. Its variants work across iOS and Android devices, masquerading as a government service app in order to trick primarily elderly victims into scanning their faces. The attackers then use those scans to develop deepfakes that can bypass cutting-edge biometric security checks at Southeast Asian banks.
In
a new report
, researchers from Group-IB identified at least one individual whom they believe to be an early victim: a Vietnamese citizen, who earlier this month lost around $40,000 dollars as a result of the ruse.
Diligent social engineering and powerful cross-platform malware aside, it seems to be highly effective for two reasons: because
deepfake technology has caught up
with biometric authentication mechanisms, and because most of us havent realized that yet.
This is why we see face swaps are a tool of choice for hackers, says Andrew Newell, chief scientific officer at iProov. It gives the threat actor this incredible level of power and control.
As the novelist George Orwell famously said, The enemy of art is the absence of limitations.
Last March, to combat widespread financial fraud, the Bank of Thailand
announced a policy change
: All Thai financial institutions must forgo email and SMS, and require facial recognition for any major actions from customers (e.g. opening a new account, adjusting a daily transfer limit, or initiating a transaction of more than 50,000 baht). They started enforcing this new rule, among others, beginning last July.
GoldPickaxe, the face scan-beating banking Trojan, first appeared in the wild just three months thereafter.
Built upon the foundations of a prior Trojan, GoldDigger, GoldPickaxe was
identified last November
by Thailands Banking Sector CERT, while disguised as Digital Pension, a real app used by the elderly to receive pensions in digital format from Thailands Comptroller General. Under the guise of a government service, the fake app requires victims to scan their faces, upload their government ID cards, and submit their phone numbers.
Unlike some other banking trojans, GoldPickaxe doesnt operate as
a layer on top of a real financial app
, or automatically leverage the data it collects. Rather, as Thai police
confirmed in November
, it gathers all the information necessary for attackers to, later, glide past authentication checks and manually log into their victims bank accounts.
That hackers were able to undermine Thailands latest cyber policy upgrades so efficiently and so quickly does not surprise Newell.
We are now operating on timescales that are much shorter than they were before. We see that more advanced tools come out every week. So I think we really need a massive shift in the banking industry, to acknowledge the fact that the rate of evolution of threats has changed. And that we need a different approach, he says.
Banks, he says, need to adjust. If they have systems that theyve put in place, you know, 12 months ago, 18 months ago, does that mean theyre really able to handle the threats theyre seeing now? If theyre not, they need to find a different approach, quickly.
To conclude its report, Group-IB recommends banks implement sophisticated user session monitoring. And to bank customers, it advises: avoid clicking on suspicious links, use official app stores to download applications, review the permissions of all apps, avoid adding unknown contacts, verify the legitimacy of bank communications, and act promptly if fraud is suspected by contacting your bank.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
IOS, Android Malware Steals Faces to Defeat Biometrics With AI Swaps