GoldFamily (Remote Access Trojan) – Malware

July 12, 2024

GoldFamily

Type of Malware

Remote Access Trojan

Country of Origin

China

Date of initial activity

February 2024

Targeted Countries

Thailand and Vietnam 

Associated Groups

GoldFactory

Motivation

Data theft

Type of Information Stolen

Biometrics (facial recognition data) and banking credentials

Attack Vectors

The operators of GoldFamily rely on social engineering rather than exploits. Victims are phished via email, SMS (smishing), or messages on chat platforms such as LINE; the messages are well written and convincingly impersonate government services and authorities. The lure walks the victim through installing the malicious app or profile, then asks them to scan their face and to photograph highly confidential identification documents.

Targeted System

iOS

Overview

Researchers at Infoblox have analyzed GoldFamily, an advanced successor of the GoldDigger trojan that targets iOS devices to steal facial-recognition data and bank access credentials. What makes GoldFamily particularly dangerous is the operators' use of AI: the stolen face scans are turned into deepfakes that can defeat biometric authentication checks previously considered secure. GoldFamily also includes a variant of the Android trojan GoldDigger, which was first reported in October 2023.

Targets

iPhone and iPad users who are customers of financial institutions in the targeted countries.

How they operate

GoldFamily has been designed to target both Android (GoldDigger) and iOS users. Android victims are manipulated into installing the malicious app directly. iOS users are steered onto one of two paths: a TestFlight URL that installs the malicious app, or a disguised Mobile Device Management (MDM) profile. MDM allows remote device configuration, so once the profile is enrolled the threat actors can push and install malicious applications onto the device.

Once installed, GoldFamily captures facial data, intercepts incoming SMS messages, requests and captures images of ID cards and other sensitive authentication data, and turns the device into a network traffic proxy using MicroSocks, a small open-source SOCKS5 proxy. Routing traffic through the victim's own handset lets the operators reach the bank from the victim's device and network rather than from attacker infrastructure.

On iOS devices the malware talks to its command-and-control (C2) server over a WebSocket channel. The available commands are:

  • heartbeat: pings the C2 server to show the implant is alive
  • init: sends device information to the C2
  • face: requests a face photo from the victim
  • a false "device in use" message: displayed to prevent interruptions while the operators work
  • album: syncs the photo library and exfiltrates it to a cloud bucket
  • destroy: stops the trojan

Once the operators have the facial scans, they use AI face-swapping tools to produce deepfakes. Combined with the intercepted SMS messages and the captured ID documents, these deepfakes are used to pass the bank's identity checks and gain access to victims' accounts.
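The disguised MDM profile is the iOS foothold, so a practitioner handling one of these lures will want to see exactly what enrolling it would grant. The Python triage script below is an example added to this article, not code from Infoblox or from the malware: it parses an unsigned .mobileconfig, lists the payload types a GoldFamily-style profile would need, and decodes the MDM AccessRights mask. The two profiles in it are constructed samples with placeholder .invalid hostnames, and the PayloadType identifiers and AccessRights bit meanings are assumptions drawn from Apple's configuration-profile and MDM references, to be checked against the current documentation.

```python
"""Triage an unsigned iOS configuration profile (.mobileconfig).

Example code added to this article; not from Infoblox, Group-IB or the malware.
All profiles below are constructed sample input with placeholder hostnames.
"""
import plistlib
from typing import Any, Dict, List

# PayloadType identifiers (assumption: per Apple's Configuration Profile
# Reference) and why each one matters in a lure like the one described above.
RISKY_PAYLOADS: Dict[str, str] = {
    "com.apple.mdm": "MDM enrollment: remote server can push apps and settings",
    "com.apple.security.root": "trusted root CA: enables TLS interception",
    "com.apple.vpn.managed": "VPN: device traffic can be routed via the attacker",
    "com.apple.proxy.http.global": "global HTTP proxy: attacker observes web traffic",
    "com.apple.webClip.managed": "web clip: fake app icon on the home screen",
}

# Selected bits of the MDM AccessRights mask (assumption: per Apple's MDM
# protocol reference). 8191 sets all thirteen defined bits, i.e. full control.
ACCESS_RIGHTS_BITS: Dict[int, str] = {
    2: "install/remove configuration profiles",
    8: "erase device",
    4096: "manage applications",
}
FULL_ACCESS = 8191


def build_profile(display_name: str, identifier: str,
                  payloads: List[Dict[str, Any]]) -> bytes:
    """Serialise a constructed, unsigned profile as an XML plist (sample input)."""
    return plistlib.dumps({
        "PayloadDisplayName": display_name,
        "PayloadIdentifier": identifier,
        "PayloadType": "Configuration",
        "PayloadUUID": "11111111-2222-3333-4444-555555555555",
        "PayloadVersion": 1,
        "PayloadContent": payloads,
    })


# Constructed lure: MDM enrollment with full rights plus a fake "app" web clip.
LURE_PROFILE = build_profile("Government Services Update", "example.lure.profile", [
    {"PayloadType": "com.apple.mdm", "PayloadIdentifier": "example.lure.mdm",
     "PayloadUUID": "aaaaaaaa-0000-0000-0000-000000000001", "PayloadVersion": 1,
     "ServerURL": "https://mdm.example.invalid/mdm",        # placeholder host
     "CheckInURL": "https://mdm.example.invalid/checkin",   # placeholder host
     "Topic": "com.apple.mgmt.External.example",
     "AccessRights": FULL_ACCESS},
    {"PayloadType": "com.apple.webClip.managed", "PayloadIdentifier": "example.lure.clip",
     "PayloadUUID": "aaaaaaaa-0000-0000-0000-000000000002", "PayloadVersion": 1,
     "Label": "e-Services", "URL": "https://portal.example.invalid/"},
])

# Constructed benign profile: a Wi-Fi payload only, for contrast.
BENIGN_PROFILE = build_profile("Office Wi-Fi", "example.corp.wifi", [
    {"PayloadType": "com.apple.wifi.managed", "PayloadIdentifier": "example.corp.wifi.1",
     "PayloadUUID": "bbbbbbbb-0000-0000-0000-000000000001", "PayloadVersion": 1,
     "SSID_STR": "corp-wifi", "EncryptionType": "WPA", "Password": "not-a-real-secret"},
])


def triage_profile(data: bytes) -> Dict[str, Any]:
    """Summarise what installing this profile would grant to its author."""
    # Signed profiles are CMS/DER wrappers around the plist; this demo handles
    # only the unsigned XML or binary plist forms that plistlib can read.
    if not (data.startswith(b"<?xml") or data.startswith(b"bplist")):
        return {"error": "signed or non-plist profile; strip the CMS wrapper first"}
    profile = plistlib.loads(data)
    findings: List[Dict[str, Any]] = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype not in RISKY_PAYLOADS:
            continue
        finding: Dict[str, Any] = {"type": ptype, "reason": RISKY_PAYLOADS[ptype]}
        if ptype == "com.apple.mdm":
            rights = int(payload.get("AccessRights", 0))
            finding["server"] = payload.get("ServerURL")
            finding["checkin"] = payload.get("CheckInURL")
            finding["rights"] = [label for bit, label in ACCESS_RIGHTS_BITS.items()
                                 if rights & bit]
            finding["full_control"] = rights == FULL_ACCESS
        elif ptype == "com.apple.webClip.managed":
            finding["url"] = payload.get("URL")
            finding["label"] = payload.get("Label")
        findings.append(finding)
    types = {f["type"] for f in findings}
    if types & {"com.apple.mdm", "com.apple.security.root"}:
        risk = "high"      # remote control or TLS interception
    elif types:
        risk = "medium"    # traffic redirection or UI deception only
    else:
        risk = "low"
    return {"display_name": profile.get("PayloadDisplayName"),
            "identifier": profile.get("PayloadIdentifier"),
            "risk": risk, "findings": findings}


if __name__ == "__main__":
    for blob in (LURE_PROFILE, BENIGN_PROFILE):
        print(triage_profile(blob))
```

Run it on a profile pulled from a lure page and compare the MDM ServerURL and CheckInURL against the DNS and proxy logs: those hostnames are the enrollment beacons to block. A profile that arrives signed must be unwrapped from its CMS envelope before this parser will read it.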
References:
  • Infoblox, "DNS Early Detection – Breaking the GoldFamily Kill Chain"
Tags: AI, Android, GoldDigger, GoldFamily, iOS, iPad, iPhone, Malware, MDM, MicroSocks, mobile, Mobile Device Management, TestFlight, Trojan