Scams are getting more adept at disguising their schemes, making it harder to identify what's a scam and what isn't.
With the increasing use of AI, scammers are now using deepfake tactics to impersonate loved ones and con people out of money.
Whether it's your stranded spouse with a broken down car needing gas money, or your sister urgently requesting financial assistance, things are getting all too realistic.
Android users were originally warned of the swooping virus that could impersonate its user, and it has now migrated onto its rival Apple.
Advert
Dubbed 'GoldPickaxe,' the mobile trojan uses advanced social engineering tactics to lure victims into scanning their faces and ID documents.
This malicious activity is suspected of facilitating the creation of deepfakes, enabling unauthorised access to banking systems.
Criminals can then use the fake images of you to steal your cash through Apple's face recognition. They can also monitor and track text messages for further exploitation.
Advert
The trojan was discovered by cybersecurity firm Group-IB, who confirmed the threat across iOS devices.
It has been linked with the Chinese threat group 'GoldFactory,' which has ties to other malware strains such as 'GoldDigger,' 'GoldDiggerPlus,' and 'GoldKefu.'
So far though, the virus hasn't affected anywhere but Vietnam and Thailand.
Group-IB’s Threat Intelligence unit says it has been 'constantly monitoring this evolving threat and unearthed an entire cluster of aggressive banking Trojans'.
Advert
For iOS users, scammers initially directed victims to a TestFlight URL that bypassed standard security checks. After Apple removed TestFlight, the attackers shifted tactics to persuade users to downloading a malicious Mobile Device Management (MDM) profile, granting full control over the device.
Once installed, the trojan can capture faces, intercept SMS and request ID verification.
Unfortunately, the Android variant only has more malicious activities due to its weaker security barriers.
Advert
Utilising over 20 bogus apps as its disguise, GoldPickaxe on Android can access SMS, browse files, upload photos, install additional packages, and create fake notifications.
The best way for smartphone users to safeguard themselves against these kinds of malicious acts is to never download or open any links from unknown contacts.
Keep an eye out for any suspicious activity on your phone also including mysteriously appearing apps or the unauthorised powering on of your device's camera.