Protect Your iPhone Against ‘GoldPickaxe’, the First iOS Trojan

TLDR: GoldPickaxe, the first iPhone trojan, can steal biometric data and compromise bank accounts. Protect yourself by only installing trusted apps and profiles, not sharing personal info, and keeping your iPhone updated.

An Android trojan called GoldDigger emerged last year. It can steal biometric data and more to compromise bank accounts. Now, it has evolved into GoldPickaxe, a trojan that can infect both iOS and Android. But don’t worry. There are simple ways to protect your iPhone against this first-ever iOS trojan.

The Backstory

Security firm Group-IB discovered GoldPickaxe. They believe it’s the world’s first iOS trojan.

When installed, GoldPickaxe can collect:

  • Biometric information from photos
  • SMS text messages
  • Web activity
  • And more

Sometimes, victims are contacted by malicious parties posing as bank representatives. They ask for sensitive information like ID card pictures.

Using AI tools, the threat actors can then hack bank accounts.

Who’s at Risk?

Currently, GoldPickaxe targets users in Vietnam and Thailand. It mimics over 50 apps from financial institutions.

But Group-IB warns that GoldPickaxe and its predecessors, GoldDigger and GoldKefu, are actively evolving. Vigilance is key.

How Is It Spread?

GoldPickaxe was first distributed through iOS TestFlight beta testing. Apple shut that down, at least for now.

The latest evolution involves malicious iOS mobile device management (MDM) profiles.

But as the threat evolves, distribution methods may change or expand.

Protecting Your iPhone

  1. Only install TestFlight apps from trusted, verified developers.
     • Stick to the App Store, and even then, verify the developer.
  2. Only install MDM profiles from trusted, verified sources.
     • As noted by a 9to5Mac reader, most third-party parental control apps use MDM. Be cautious when deciding to use one.
  3. Don’t share personal information (including photos) if a party reaches out to you.

It’s that simple.

  4. If you’re concerned about a financial account, log in directly at the bank’s website. Don’t call numbers or click links sent to you.
  5. Keep your iPhone updated with the latest software from Apple.
     • This now includes Rapid Security Response updates between regular releases.
     • Stay tuned to 9to5Mac for instant updates when new iPhone updates go live.
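
For the advice on MDM profiles above, an added example (not from the original article or from Group-IB): a Python check that reads a configuration profile (.mobileconfig) before it is installed and reports whether it would enroll the device in MDM and with which server. The trusted host list, hostnames and sample profile are constructed assumptions, and signed profiles are handled by a heuristic that does not verify the signature.

```python
import plistlib
from urllib.parse import urlsplit

# AccessRights bits from Apple's MDM payload documentation (subset).
RIGHTS = {8: "device erase", 256: "inspect installed apps", 4096: "app management"}

def load_profile(raw: bytes) -> dict:
    """Parse a .mobileconfig. Signed profiles wrap the XML plist in a CMS
    envelope, so cut out the XML span (heuristic; the signature is NOT verified)."""
    start, end = raw.find(b"<?xml"), raw.rfind(b"</plist>")
    if start == -1 or end == -1:
        raise ValueError("no XML plist found; profile may be encrypted or binary")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def review_profile(raw: bytes, trusted_hosts: set) -> list:
    """Return findings for every MDM enrollment payload; [] means none present."""
    findings = []
    for payload in load_profile(raw).get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != "com.apple.mdm":
            continue
        url = payload.get("ServerURL", "")
        parts = urlsplit(url)
        findings.append(f"MDM enrollment payload, server: {url or '<missing>'}")
        if parts.scheme != "https" or (parts.hostname or "") not in trusted_hosts:
            findings.append(f"untrusted MDM server: {parts.hostname!r}")
        rights = payload.get("AccessRights", 0)
        granted = [name for bit, name in RIGHTS.items() if rights & bit]
        if granted:
            findings.append("requests rights: " + ", ".join(granted))
    return findings

def make_sample(server_url: str, signed: bool = False) -> bytes:
    """Constructed sample profile (not a real sample from the campaign)."""
    xml = plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadDisplayName": "Example Bank Helper",  # constructed
        "PayloadContent": [
            {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "guest"},
            {"PayloadType": "com.apple.mdm", "ServerURL": server_url, "AccessRights": 8191},
        ],
    })
    # Fake leading/trailing bytes stand in for a CMS envelope.
    return b"\x30\x82\x0f\x00" + xml + b"\x31\x82" if signed else xml

if __name__ == "__main__":
    raw = make_sample("https://mdm.unknown.example/enroll", signed=True)
    for line in review_profile(raw, trusted_hosts={"mdm.corp.example"}):
        print(line)
```

An empty result only means the profile contains no MDM enrollment payload; other payload types in the same profile still deserve a look before installing.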