Once an iPhone is infected with the GoldPickaxe.iOS malware, the victim's banking application installed on the phone can also be compromised. At that point, the money in the bank account could well "disappear".
That is the warning from experts as a growing number of malware strains, fake applications and scams target the iOS operating system, especially iPhone users, with the aim of stealing personal information, breaking into bank accounts and stealing money.
Notably, a new type of malware - named GoldPickaxe.iOS - targets iOS users to steal facial recognition data, identity documents and track users' SMS messages...
The company that provides the Leather electronic wallet management application recently announced that an application impersonating it has appeared on Apple's official application store (App Store). Some users have reported having their cryptocurrency stolen after using this fake electronic wallet.
Meanwhile, Leather said it does not yet provide services on the iOS platform (the operating system running on devices such as iPhone and iPad).
It is worth noting that this fake app even received 4.9/5 stars along with many positive comments on the App Store, making it easy for users to trust that the app is reputable. However, according to Leather, all the good reviews are also fake.
This has led many users to doubt Apple's review process, which has always been considered very strict, for every application before it is approved to appear on the App Store, as well as its checks for fake ratings and comments.
Previously, in February 2024, Group-IB (Singapore), a cybersecurity technology company serving the investigation, prevention and fight against digital crime, said it had discovered a new type of malware - named GoldPickaxe.iOS - targeting iOS users to steal facial recognition data, identity documents and track users' SMS messages.
According to Group-IB, GoldPickaxe does not directly steal money from victims' phones.
Instead, it collects all the information needed from the victim to create deepfake videos and automatically gain access to the victim's banking app.
Furthermore, during its research, Group-IB discovered that GoldPickaxe can ask victims to scan their faces and submit photos of their identity documents.
The criminals also asked for phone numbers to get more details, specifically looking for information about bank accounts linked to the victim.
In particular, this malware spreads disguised as Thai Government service applications, much like the current situation with fake applications in Vietnam.
Group-IB experts also said that a version of the above malware targeting the Android operating system has also been detected in Vietnam. Meanwhile, in Thailand, facial recognition is the method currently trusted by financial institutions to verify transactions and authenticate logins.
Speaking to Youth, Mr. Vu Ngoc Son, technology director of NCS Cyber Security Company, said that previously, malware attacks on iOS often only focused on "key people, people with a lot of important information, with political purposes".
A typical example is the Pegasus malware that attacked a number of Saudi Arabian human rights activists. However, with the GoldPickaxe malware, the criminals' attack targets have expanded to include ordinary users.
"The target could be bank accounts to steal money," said Mr. Son, adding that there are two common types of malware attack on iPhones: exploiting vulnerabilities in the iOS operating system, and tricking users into installing applications.
Specifically, when exploiting a security vulnerability, remote attackers send code through a core service of the iOS operating system, usually the iMessage service built into the iPhone.
Hackers can also send victims a web link via text message or email. When the victim clicks on the link, the malware infects the phone's memory through a browser vulnerability. The malware then tracks the user's activities, stealing information including photos, videos, messages, emails, chats...
To trick users into installing applications containing malware, hackers will have to create psychological manipulation scenarios and give instructions for users to install malware on their phones.
This is a very common trick in Vietnam: impersonating police and other authorities to call and threaten people, then adding them as friends on Zalo and instructing them to install applications impersonating VNeID, public services, tax settlement... These fake applications all contain malicious code that hackers can control remotely.
"If not vigilant, iOS users are still at risk of being tracked, having their information stolen or their bank accounts attacked," Mr. Son warned.
Similarly, Mr. Nguyen Minh Duc, CEO of Cyber Security Company CyRadar, also said that although malware on iOS is rarer than on Android, users should not be complacent.
In particular, according to Mr. Duc, Apple has tested, in iOS 17.4 beta 1, allowing users to install applications from many application "markets" instead of the Apple App Store.
"This could lead to other loopholes for bad guys to exploit in the future," Mr. Duc warned.
Given the current method of opening electronic bank accounts through eKYC in Vietnam, cybersecurity experts believe that those who control the GoldPickaxe malware are fully able to steal the identity and biometric authentication information of iPhone users in order to register fraudulent bank accounts.
Furthermore, once an iPhone is infected with the GoldPickaxe.iOS malware, the victim's banking application installed on the phone can also be accessed. At that point, the money in the bank account could well "disappear".
Andrey Polovinkin, a malware analyst at Group-IB's Threat Intelligence division, said the discovery of a sophisticated iOS malware highlights the unpredictable nature of security threats targeting the Asia-Pacific region.
"According to our assessment, it is likely that GoldPickaxe will soon target Vietnam, while continuously integrating key techniques and functions into malware versions to continue targeting other regions," the expert warned.
According to technology news site KrebsOnSecurity, a user named Patel posted on the social network X/Twitter warning of a scam impersonating Apple support staff.
Specifically, after receiving hundreds of notifications requesting approval to reset his Apple account password, Mr. Patel received a call from someone claiming to be an Apple support staff member, who accurately provided all of his personal information.
The scammer's goal is to get the victim to reveal the Apple ID reset password sent to the device and then take control of the account. Apple has also promptly stated that it will never make outgoing calls to customers unless the customer has requested to be contacted.
The Department of Information Security (Ministry of Information and Communications) recommends that users not open links received via text messages and be wary of requests to install software.
When installing any application, especially one related to finance, people should carefully consider the permissions the application requests and read the application's terms and policies carefully.
Cybersecurity experts also recommend that users never install unfamiliar applications of unknown origin on their phones.
In addition, users should regularly install vulnerability patches from the manufacturer and follow network security warnings in order to identify and proactively prevent fraud.
In particular, iOS users need to periodically shut the device down and turn it back on to remove malware (if any) from memory.