Apple constantly updates its operating systems with security patches, which are often exploited by hackers to attack users in many different ways. This time, however, cybersecurity company Group-IB has reported the existence of a new “GoldDigger” trojan that targets iOS users to steal their bank accounts.

GoldDigger trojan can steal sensitive data from iOS users

According to a detailed report by Group-IB (via Tom’s Guide), GoldDigger was first created for Android, but has now been successfully ported to attack iPhone and iPad users. The company claims that this is potentially the first trojan made for iOS, and it can be quite dangerous as it collects facial recognition data, ID documents, and even SMS.

With all this data, hackers use AI-based tools to create deepfakes and gain access to victims’ bank accounts. By the time the victims realize what has happened, it may be too late.

At first, the trojan was distributed through Apple’s TestFlight – which lets developers release beta versions of their apps without going through the App Store’s review process. However, after Apple removed it from TestFlight, the hackers adopted a more sophisticated approach based on a Mobile Device Management (MDM) profile, which is mainly used to manage enterprise devices.

These profiles allow companies to customize and control many aspects of the system according to their needs. But what hackers do is convince users to install the malicious profile in order to download an app from outside the App Store. When this happens, they can collect all the data they need.

According to the report, GoldDigger mainly targets people in Vietnam and Thailand. However, it could also be used to attack users in other parts of the world. Group-IB claims that the trojan is in an “active stage of evolution.”

So what’s next?

At least for now, it seems that even the latest versions of iOS and iPadOS are still vulnerable to this trojan. Group-IB says it has informed Apple about the trojan, so it’s likely that the company is already working on a fix. For now, the best thing you can do to avoid attacks like this is not to install apps from sources you don’t trust.

You can find more details about the GoldDigger trojan here.

Image: Unsplash

FTC: We use income earning auto affiliate links. More.