Hackers are using AI-generated deep fake photos to impersonate individuals online, aiming to deceive, manipulate, or gain unauthorized access to sensitive information. Cybersecurity researchers at InfoBlox have identified a significant threat in the form of GoldFamily, an evolved version of the GoldDigger trojan, which targets iOS devices. This malware aims to steal facial recognition data and access bank credentials through sophisticated AI-driven biometric authentication attacks.
InfoBlox has implemented a proactive defense mechanism with its DNS Early Detection Program, which swiftly identifies potentially malicious domains before they surface on threat feeds. This early detection allows for preemptive blocking of threats, disrupting malicious activities before they can fully develop and cause harm. The integration of AI technology into authentication attacks highlights the increasing complexity of cybersecurity challenges.
GoldFamily uses deceptive tactics to acquire sensitive personal information, targeting both Android and iOS users. On Android, it employs malicious app installations, while on iOS, it uses Mobile Device Management (MDM) profiles to direct users to malicious URLs. Once downloaded, the malware can steal facial data, intercept SMS, request ID images, and serve as a network proxy, maintaining communication with command and control (C2) servers via WebSockets for various functions, including photo requests and self-destruct commands.
The early identification of suspicious GoldFamily domains by InfoBlox, months ahead of public disclosure, emphasizes the critical importance of proactive cybersecurity measures. Analysis shows that threat actors quickly operationalize domains after being flagged, with a significant percentage blocked shortly after registration. This case illustrates the benefits of early detection and automated blocking in preventing emerging threats, reinforcing the need for continued vigilance and advanced threat intelligence capabilities.