Skip to main content

Malware Alert - Public should beware of GoldDigger malware targeting iOS devices

Release Date: 20 Feb 2024 3710 Views

Type: Malware

Malware Alert

Current Status and Related Trends

Recently, the cybersecurity company Group-IB released a malware analysis report about a new malware called GoldDigger, which mainly targets Android and iOS devices of users in Vietnam and Thailand. The malware aims to collect sensitive information from victims, such as identity documents, text messages and facial recognition (Face ID) data. The data is then used to create deepfake for face-swapping to deceive bank application (App) authentication, and finally gain access to the victim's bank account to steal money.

 

According to the report, the criminals mainly use social engineering techniques, such as impersonating a government agency, to trick victims into clicking on links to malicious websites to download malware. The criminals would instruct the victim to download the malware to the victim's device through Apple's TestFlight App or Mobile Device Management (MDM). 

 

TestFlight App is a tool for iOS App developers to distribute beta versions of App to users for testing before they formally release the App on the App Store. Beta App distributed through TestFlight can be easily downloaded and installed without passing the vetting requirements and security checks of App Store. However, if the victim downloads the legitimate TestFlight App, it may allow the malware to take advantage of it to download malware to the victim's device through the legitimate TestFlight App.

 

MDM provides a number of features, such as remote deletion, device tracking, and App management, which criminals can exploit it for install malware and steal information. Distribution via MDM requires the victim to click on a link to a malicious website, download and install the MDM profile, and finally download the malware to the victim's device.

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) would like to remind iOS users to be vigilant and adopt the following security best practices to protect themselves:

 

  1. Do not install TestFlight unless necessary and do not download App from unknown origin;
  2. Do not download or install MDM profiles from unknown origin;
  3. Do not download App from sources other than the App Store;
  4. Do not open any suspicious URL and should verify the authenticity of websites and App before using them;
  5. Confirm that the name of the installed application or developer is spelt correctly to avoid installing counterfeit malicious applications;
  6. Be cautious when reviewing the permissions requested by applications and do not allow or authorise permissions that are not relevant to their functionality;
  7. Do not "jailbreak" or "root the system" as it may crack the security of the system;
  8. Install a dedicated anti-virus App to detect known malware and malicious websites (Please refer to the security toolsrecommended by HKCERT).

Related Tags