Hackers Targeting Asian Bank Accounts with Stolen Facial Recognition Data

Facedapter
2 min read · Feb 18, 2024
Photo by Dương Nhân via Pexels

Suspected Chinese hackers have launched a sophisticated campaign to steal facial recognition data and gain unauthorized access to bank accounts in Southeast Asia, according to researchers at cybersecurity firm Group-IB.

The group, known as GoldFactory, initially gained attention in October 2023 with the discovery of an Android-based trojan called GoldDigger, which targeted accounts at over 50 Vietnamese banks. The latest activity observed by researchers represents an expansion of this campaign, featuring novel tactics such as the use of stolen facial recognition data.

The hackers deployed four trojans, including GoldPickaxe, which was distributed via Apple’s TestFlight platform and later through a social engineering scheme involving Mobile Device Management (MDM) profiles. Posing as government officials or utility service providers, the hackers lured victims into installing malicious applications and prompted them to record facial recognition videos under false pretenses.

These recordings were then used to create deepfake videos with face-swapping AI services. This method, combined with the ability to intercept SMS messages and access photos of ID documents, enabled the cybercriminals to circumvent security measures and gain unauthorized access to bank accounts.
