Apple has always been concerned about the security of the iPhone system, which is why the system is much more closed than any other.
But, as we know, there are no impenetrable systems in this technological world, and from time to time threats appear on iOS that prove to be fleeting.
The latest of these threats is called GoldPickaxe, identified by the security company Group-IB.
This trojan is capable of collecting biometric information from users, intercepting SMS messages, capturing web activities, and even posing as bank representatives to obtain sensitive data, such as photos of identity documents.
In this article, you will learn who is at more risk of being contaminated and how to protect yourself from this threat.
GoldPickaxe: Should I Be Worried?
Right from the start, let’s be clear: if you don’t install “parallel” apps on your iPhone through platforms other than Apple’s official App Store, you don’t need to worry.
Trojans are not viruses, meaning they don’t infect so easily. As the name suggests, they are trojan horses that the user installs thinking it’s something else.
It is through the installation of parallel apps that this trojan enters the system, in a maliciously configured profile.
It can also be installed via the TestFlight app, used by developers to test their apps before they are published in the App Store. So, be very careful with installing apps from untrustworthy sources.
What Does GoldPickaxe Do on Your iPhone?
When the GoldPickaxe trojan infects an iPhone, it performs a series of malicious actions to compromise the security of the device and collect sensitive information from users.
Some of the main actions that GoldPickaxe can perform include:
- Collection of biometric information: The trojan can access and collect biometric data stored on the device, such as fingerprints or facial recognition, if available.
- SMS message interception: It can intercept SMS text messages sent and received by the user, allowing access to confidential information, such as two-factor verification codes or authentication passwords.
- Capture of web activities: GoldPickaxe can monitor and capture the user’s web browsing activity, including visited websites, searches performed, and information entered into online forms.
- Falsification of bank representation: The trojan can impersonate legitimate bank representatives, contacting users and requesting confidential information, such as photos of identity documents, credit card numbers, or bank account details.
- Possible remote access: Depending on the trojan’s configuration, the attackers behind GoldPickaxe may gain remote access to the infected device, allowing for additional actions, such as installing additional malicious software or stealing additional data.
How to Protect Yourself from GoldPickaxe?
To protect yourself against GoldPickaxe and similar threats, security experts recommend the following measures:
- Avoid unreliable sources: Do not install apps from unofficial or untrustworthy sources. Always look to download apps from Apple’s official App Store and check the developer’s reputation before installing any app.
- Regularly update iOS: Keep your iPhone device always updated with the latest security updates provided by Apple. These updates often fix known vulnerabilities and provide additional protection against emerging threats.
- Exercise caution when sharing information: Avoid sharing personal or sensitive information, such as photos of identity documents, through unsecure channels, such as text messages or unencrypted emails.
- Verify trustworthy sources: When receiving requests for personal information, especially related to banking information, always verify the authenticity of the source before providing any data.
- Phishing awareness: Be aware of phishing attempts, where users are deceived by fake emails or messages requesting personal information. Do not click on suspicious links and always verify the legitimacy of the communication before providing information.
By following these security guidelines, users can significantly reduce the risk of infection by the GoldPickaxe trojan and keep their iPhone devices safe from cyber threats.
And maintaining continuous vigilance, adopting recommended security practices, are essential to protect personal and financial data in an increasingly connected digital world.
But, it’s hard not to comment on the amazing coincidence of the first trojan for iPhone appearing just at a time when European legislation is forcing Apple to allow external app stores.
But it’s just a coincidence, of course…
