Group-IB, a cybersecurity company based in Singapore, recently attributed the development of sophisticated banking trojans to the Chinese-speaking cybercrime group GoldFactory. One of the group’s prominent trojans, GoldPickaxe, is capable of harvesting identity documents, facial recognition data, and SMS information on iOS and Android devices. The threat group has previously targeted Thailand, Vietnam, and other Asia-Pacific nations with social engineering campaigns. The group impersonates local banks and government organizations, sends phishing messages designed to start conversations with victims over private messaging services, and then sends malicious URLs that deploy the group’s various trojans on victim devices. In response to recent Thai security measures that require individuals to confirm large transactions with facial recognition, GoldPickaxe prompts victims to record extensive facial video during a fake application process. Security researchers suspect GoldFactory will combine this footage with other ID documents and photos to create deepfakes of victims that can pass facial recognition security checks in Thailand.

