Home Cybercriminals are stealing Face ID scans to break into mobile banking accounts

Cybercriminals are stealing Face ID scans to break into mobile banking accounts

The latest wave of cybercriminals are targeting iOS users in Thailand with Face ID thefts that allow them to steal money from victims.

iPhone owners in Thailand fall prey to cybercriminals stealing Face ID scans that are then used to break into their bank accounts in a world first in cybercrime.

A Chinese-speaking cybercrime group, dubbed GoldFactory, started distributing trojanized smartphone apps in June of last year, as reported by the Register. GoldPickaxe and GoldPickaxe.iOS targets Android and iOS systems, tricking users into performing biometric verification checks and harvesting that information.

This biometric data is then used to bypass the same security checks used by actual finance apps in Vietnam and Thailand. This gives cybercriminals access to bank accounts and the ability to siphon off funds. So far, this specific type of crime is limited to these two countries, but there is fear of it spreading worldwide.

Having initially started in Thailand by appearing as the Thai government’s official digital pensions app, it then quickly spread to Vietnam. Authorities have had reports of very similar attacks taking place in both countries, resulting in the theft of tens of thousands of dollars.

iOS users are worse affected than Android

Android malware is often considered more common in such attacks, but in this case, it’s the reverse. There are generally much tighter security controls on iOS systems, but with GoldFactory, the Android hack is far simpler.

Researchers found that the Android version bore many more disguises than the iOS version, showing up in more than 20 different false government, finance, and utility organizations in Thailand. For iPhones, the cybercriminals rely on input from the victims themselves, impersonating government authorities on the LINE messaging app and gaining access to key information that way.

From there, they convinced victims (often elderly) to download GoldPickaxe.iOS directly and use the same techniques as Android users.

Featured image: Unsplash

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Rachael Davies
Tech Journalist

Rachael Davies has spent six years reporting on tech and entertainment, writing for publications like the Evening Standard, Huffington Post, Dazed, and more. From niche topics like the latest gaming mods to consumer-faced guides on the latest tech, she puts her MA in Convergent Journalism to work, following avenues guided by a variety of interests. As well as writing, she also has experience in editing as the UK Editor of The Mary Sue , as well as speaking on the important of SEO in journalism at the Student Press Association National Conference. You can find her full portfolio over on…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.