A cybersecurity company [3], Group-IB [3], has recently discovered a new Trojan called GoldPickaxe that targets users in Thailand and potentially Vietnam. This Trojan [1] [2] [3] [4], developed by a cybercrime group known as GoldFactory [1] [2], steals facial-recognition data to gain unauthorized access to victims’ banking accounts [3] [4].


GoldPickaxe is a sophisticated malware that utilizes AI face-swapping services to create deepfake videos, replacing the victim’s face with the attacker’s [3]. It disguises itself as legitimate apps [4], specifically Thai government service apps [3], and tricks users into providing personal information and undergoing a facial scan. Group-IB has also found an Android version of GoldPickaxe with enhanced capabilities. Interestingly, the malware does not exploit vulnerabilities in iOS but instead relies on tricking victims into installing the malicious app and granting device permissions [3].

Group-IB suspects that GoldFactory, a Chinese hacking group [3], is behind the creation and distribution of this Trojan. This suspicion is based on their previous circulation of Trojans posing as Vietnamese banking apps. GoldFactory has demonstrated operational maturity and expertise in malware development [4], refining their Android malware and even developing a more sophisticated version of GoldPickaxe for both Android and iOS devices [4].


The discovery of GoldPickaxe highlights the increasing sophistication of cybercrime groups and their ability to exploit emerging technologies like deepfake videos. This Trojan poses a significant threat to users in Thailand and potentially Vietnam, as it targets their banking accounts by stealing facial-recognition data. It is crucial for users to remain vigilant and only download apps from trusted sources. Additionally, this incident underscores the need for stronger cybersecurity measures and international cooperation to combat the evolving tactics of cybercriminals.


[1] https://www.infosecurity-magazine.com/news/goldpickaxe-trojan-biometric/
[2] https://ciso2ciso.com/goldpickaxe-trojan-blends-biometrics-theft-and-deepfakes-to-scam-banks-source-www-infosecurity-magazine-com/
[3] https://me.pcmag.com/en/security/22025/this-ios-trojan-is-harvesting-facial-recognition-data
[4] https://www.databreachtoday.com/banking-trojan-harvests-facial-biometrics-for-ai-deepfakes-a-24370