GoldFamily
Type of Malware | Remote Access Trojan |
Country of Origin | China |
Date of initial activity | February 2024 |
Targeted Countries | Thailand and Vietnam |
Associated Groups | GoldFactory |
Motivation | Data theft |
Type of information Stolen | Biometrics (facial recognition data) and banking credentials |
Attack Vectors | The threat actors behind GoldFamily use social engineering to lure victims into scanning their faces, then convince them to provide highly confidential identification documents. Victims are targeted through phishing emails, SMS messages (smishing), or messages on platforms such as the LINE app. The messages seem to be well-written and convincingly impersonate government services and authorities. |
Targeted System | iOS |
Overview
Cybersecurity researchers at Infoblox recently discovered GoldFamily, an advanced version of the GoldDigger trojan that targets iOS devices to steal facial recognition data and bank access credentials, using AI for biometric authentication attacks. GoldFamily's use of AI makes it particularly dangerous, as it can successfully attack authentication processes, including certain types of biometrics that were previously considered secure. GoldFamily includes a variant of the Android trojan called GoldDigger, which was initially discovered in October 2023.
Targets
iPhone and iPad users from financial institutions.