Beware: ‘GoldDigger’ Trojan Threatens iOS Users, Stealing Sensitive Data and Bank Accounts


As Apple diligently fortifies its operating systems with security patches, cybercriminals persistently devise new tactics to exploit vulnerabilities. The latest threat comes in the form of the “GoldDigger” trojan, meticulously crafted to target iOS users, posing a grave risk of bank account theft and data compromise.

GoldDigger Trojan Strikes iOS Users

Cybersecurity firm Group-IB has sounded the alarm on the GoldDigger trojan, originally engineered for Android but now adeptly repurposed to infiltrate iPhones and iPads. This sophisticated malware represents a perilous milestone as potentially the first trojan tailored for iOS. Its insidious capabilities extend to pilfering facial recognition data, identity documents, and even SMS communications.

Armed with this trove of sensitive information, hackers leverage AI-driven tools to concoct deepfake personas, facilitating unauthorized access to victims’ bank accounts. By the time individuals detect the breach, the damage may already be done.

Initially disseminated through Apple’s TestFlight platform, which facilitates beta app releases, GoldDigger swiftly adapted its tactics after being ousted from the platform. Exploiting Mobile Device Management (MDM) profiles—a staple in enterprise device management—hackers coerce users into installing malicious profiles under the guise of accessing non-App Store apps. Once installed, these profiles furnish hackers with unrestricted access to invaluable user data.
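A defensive check for the profile-based delivery described above, as an added example that is not from Group-IB or Apple: it parses an unsigned configuration profile and flags any MDM enrollment payload (`com.apple.mdm`) whose server is not on an allowlist. The allowlisted host and the sample profile are constructed for illustration.

```python
import plistlib
from urllib.parse import urlparse

# Hosts of MDM servers the organisation actually operates (assumed value).
TRUSTED_MDM_HOSTS = {"mdm.corp.example"}
MDM_PAYLOAD_TYPE = "com.apple.mdm"  # payload type used for MDM enrollment


def review_profile(raw: bytes, trusted_hosts=TRUSTED_MDM_HOSTS) -> list[str]:
    """Return findings for an unsigned .mobileconfig (XML or binary plist)."""
    try:
        profile = plistlib.loads(raw)
    except Exception:
        # Signed profiles are CMS-wrapped and must be unwrapped before parsing.
        return ["unparseable: not a bare plist (signed profile or corrupt file)"]
    if not isinstance(profile, dict):
        return ["unparseable: top-level object is not a dictionary"]

    content = profile.get("PayloadContent")
    if not isinstance(content, list):
        content = []

    findings = []
    for payload in content:
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != MDM_PAYLOAD_TYPE:
            continue
        # Both URLs decide which server ends up managing the device.
        for key in ("ServerURL", "CheckInURL"):
            url = payload.get(key)
            if url is None:
                continue
            host = (urlparse(str(url)).hostname or "").lower()
            if host not in trusted_hosts:
                findings.append(
                    f"MDM enrollment: {key} host '{host}' is not a managed MDM server"
                )
    return findings


# Constructed sample: a profile posing as an app installer that enrolls in MDM.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "App Installer",
    "PayloadContent": [{
        "PayloadType": MDM_PAYLOAD_TYPE,
        "ServerURL": "https://mdm.unknown.example/server",
        "CheckInURL": "https://mdm.unknown.example/checkin",
    }],
})

if __name__ == "__main__":
    for finding in review_profile(SAMPLE):
        print(finding)
```
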

Targets and Expansion

While GoldDigger predominantly preys on individuals in Vietnam and Thailand, its potential for global proliferation remains a looming threat. Group-IB underscores that the trojan is actively evolving, hinting at broader and more sophisticated attacks on the horizon.

Mitigation and Vigilance

Despite the evolving threat landscape, users can fortify their defenses by exercising caution. Refraining from installing apps sourced from untrusted outlets is paramount to mitigating risks associated with trojans like GoldDigger. Additionally, promptly updating devices with the latest security patches and remaining vigilant against suspicious activity can further bolster cybersecurity defenses.

As Group-IB collaborates with Apple to combat this insidious threat, iOS users must remain vigilant and proactive in safeguarding their digital assets against potential incursions by the GoldDigger trojan.