Facial recognition has become a key tool for secure authentication, and a new piece of malware is putting that technology at risk. According to the latest report from ESET, GoldPickaxe is sophisticated malware that steals facial data in order to create deepfakes using artificial intelligence, jeopardizing the security of users worldwide.
A New Attack Vector
GoldPickaxe has been detected in several regions, with versions available for both Android and iOS. On Android, the malware is distributed through fake websites that imitate the Google Play store, while on iOS, social engineering is used to install a Mobile Device Management (MDM) profile, granting full control over the infected device.
The operation of GoldPickaxe is alarming. Once installed, the malware asks victims to record a video, which is then used to generate deepfakes. Additionally, it collects identity documents, intercepts SMS messages, and redirects traffic through a proxy server. Instead of carrying out financial transactions directly, the malware steals the information needed to access the victims’ banking applications.
Global Threat
GoldPickaxe has mainly been detected in Southeast Asia, but variants have also been found in Latin America and South Africa. Josep Albors, ESET Spain’s Director of Research and Awareness, emphasizes the importance of staying vigilant: “It is important to stay alert against these emerging threats and reinforce our security measures to protect ourselves before they reach Spain.”
Prevention Measures
With the rise of advanced malware and the use of AI to create deepfakes, prevention becomes crucial. ESET offers seven essential tips to protect against threats like GoldPickaxe:
Verify Notifications: If you receive notifications about prizes, discounts, or pension bonuses, confirm their authenticity before taking action. Scams often disguise themselves as tempting offers.
Use Official Stores Only: Download applications only from official stores like Google Play Store and Apple App Store. Avoid websites offering apps of dubious origin.
Recognize Phishing: Familiarize yourself with phishing techniques and learn to identify fraudulent websites to avoid falling victim to these scams.
Perform Security Scans: If you notice suspicious activity on your device, conduct a security scan with a reliable application to detect and eliminate potential threats.
Remove Malicious Applications: If you find a malicious application on your device, delete it immediately and restart your phone. In some cases, it is recommended to reset the device to factory settings.
Utilize Cybersecurity Protection: Protect your mobile device with a reliable cybersecurity solution like ESET Mobile Security, which can detect and block threats during the download process.
Implement Multilayered Security: Do not rely solely on a single authentication method. Use multi-factor authentication (MFA) and other cybersecurity measures for stronger protection.
The increasing sophistication of cyber attacks and the use of AI to create deepfakes pose a significant challenge to digital security. GoldPickaxe is a clear example of how cybercriminals are exploiting advanced technology to commit fraud and identity theft. Adopting appropriate preventive measures is essential to protect against these emerging threats and ensure the integrity of personal information in the digital age.