
Here's how to protect against the iPhone GoldPickaxe iOS trojan


Oscar Mayer

Feb 17, 2024, 12:49:19 PM
Here's how to protect against the iPhone GoldPickaxe trojan.
https://9to5mac.com/2024/02/16/protect-against-iphone-trojan-goldpickaxe/

GoldPickaxe malware can collect an iOS user's biometric information from
iPhone photos, SMS text messages, intercept web activity, and more.

While the iPhone trojan was first found distributed through the iOS
TestFlight beta testing system, Apple was able to shut that down (at least
for now).

However, the latest evolution has seen GoldPickaxe being distributed
through malicious iOS mobile device management (MDM) profiles.

Alan Browne

Feb 17, 2024, 1:50:35 PM
Quote from Group-IB: "Social engineering is the primary method used to
deliver malware to victims’ devices across the whole family of
GoldFactory Trojans.

GoldPickaxe.iOS is distributed through Apple’s TestFlight or by
social-engineering the victims to install an MDM profile."

Note the social-engineering required to get this onboard - something
everyone needs to be vigilant about at all times.

Vector 1: TestFlight of an iOS app. Less than 1% of iPhone users?
More? Less? (more likely less). And Apple have slammed that door
shut. Nothing burger.

Vector 2: Similar - (MDM profile) something for co. IT people to look
into as well as warn their users against social engineered attacks.
Pretty close to a nothing burger.

Vector 3: social engineering. Everyone should be vigilant at all times
anyway.

--
“Markets can remain irrational longer than your can remain solvent.”
- John Maynard Keynes.

Oscar Mayer

Feb 17, 2024, 2:48:13 PM
On Sat, 17 Feb 2024 13:50:32 -0500, Alan Browne wrote:

> Markets can remain irrational longer than your can remain solvent.

There is a minor typo in your sig. But it's a nothing burger.

> And Apple have slammed that door shut. Nothing burger.

Another typo but more important, the fact it was there is not a nothing
burger because Occam's Razor tells us there are plenty more also there.

> Vector 2: Similar - (MDM profile) something for co. IT people to look
> into as well as warn their users against social engineered attacks.
> Pretty close to a nothing burger.

It shows Apple didn't test properly. That's not a nothing burger.

> Everyone should be vigilant at all times anyway.

True but that's beside the point.

Alan Browne

Feb 17, 2024, 8:06:18 PM
On 2024-02-17 14:48, Oscar Mayer wrote:
> On Sat, 17 Feb 2024 13:50:32 -0500, Alan Browne wrote:
>
>> Markets can remain irrational longer than your can remain solvent.
>
> There is a minor typo in your sig. But it's a nothing burger.

I noticed that a few days ago, but haven't fixed it. But is it typical
of you to post garbage and when challenged to point at squirrels to
deflect from your worthless posts? Seems so.

>
>> And Apple have slammed that door shut.  Nothing burger.
>
> Another typo but more important, the fact it was there is not a nothing
> burger because Occam's Razor tells us there are plenty more also there.

A-holes assailing s/w for illegal monetary gain is new, is it?

>> Vector 2: Similar - (MDM profile) something for co. IT people to look
>> into as well as warn their users against social engineered attacks.
>> Pretty close to a nothing burger.
>
> It shows Apple didn't test properly. That's not a nothing burger.

Nobody can test for all eventualities. And as new things creep in, the
tests get more robust. Wow - so ordinary. Snooze time.
>
>> Everyone should be vigilant at all times anyway.
>
> True but that's beside the point.

Not at all. You posted what amounts to an extreme narrow case on top of
a narrow case. When all that is pointed out, you react poorly. Sheesh.
Get a grip on reality.

--
“Markets can remain irrational longer than you can remain solvent.”
- John Maynard Keynes.

"Typos can linger for ages before they're noticed."
- Editor of 'The Absolute Perfection Guide to Publishing.'

"Pointing out people's grammar and typo errors on usenet is childish
deflection."
- Everyone above age 12.

Jolly Roger

Feb 17, 2024, 10:06:35 PM
Misleading clickbait.

The “facial recognition data” in question here is absolutely NOT Apple’s
Face ID data. Instead, it’s a particular Vietnamese banking app which
requires its own separate facial scans from its users that was
compromised.

Also, the app was NEVER available in Apple’s App Store. Instead, users
had to install the app through TestFlight from an untrusted developer
account. And after Apple revoked the associated developer account, users
had to manually install an untrusted Mobile Device Management (MDM)
profile in order to install the app.

Details here, for anyone interested:
https://www.group-ib.com/blog/goldfactory-ios-trojan/

While (thankfully) customers outside the EU have to jump through such
hoops to be compromised, EU customers who use alternative app stores
should buckle up for a rough ride, because the risk of them falling
victim to this sort of thing is about to get a lot higher. 😉

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR

Jolly Roger

Feb 17, 2024, 10:07:54 PM
On 2024-02-17, Oscar Mayer <nob...@oscarmayer.com> wrote:
> On Sat, 17 Feb 2024 13:50:32 -0500, Alan Browne wrote:
>
>> Vector 2: Similar - (MDM profile) something for co. IT people to look
>> into as well as warn their users against social engineered attacks.
>> Pretty close to a nothing burger.
>
> It shows Apple didn't test properly.

Nah.

Jörg Lorenz

Feb 18, 2024, 2:07:08 AM
On 18.02.24 at 04:06, Jolly Roger wrote:
> EU customers who use alternative app stores
> should buckle up for a rough ride, because the risk of them falling
> victim to this sort of thing is about to get a lot higher. 😉

Has no practical relevance.

--
"Gutta cavat lapidem." (Ovid)
