The trojan affecting iPhone devices was discovered by cybersecurity firm Group-IB, which also named the malware.
Group-IB stated that it has already informed Apple and the company is likely working on a fix
Photo Credit: Lucas Hoang/Unsplash
iPhone devices are being targeted by a rare trojan called GoldDigger, a cybersecurity firm has reported. The malware is part of a cluster of aggressive banking trojans that have been affecting users in the Asia-Pacific (APAC) region. The earlier spotted malware group was only affecting Android users, but a new version has now been unearthed that specifically targets iOS and steals facial recognition data and other sensitive information from devices. This development is rare since Apple is known to be proactive in releasing security patches for its operating system.
Cybersecurity firm Group-IB was behind the discovery of the iOS trojan. The group has been tracking it since October 2023, when it first found a new variant of Android malware and named it GoldDigger. The malicious programme was found to be a banking trojan that steals financial information and targets banking apps, e-wallets, and crypto-wallets. It was first spotted in Vietnam but later identified as a cluster that was affecting the entire APAC region.
In its findings, the group noted that “a new sophisticated mobile Trojan specifically aimed at iOS users, dubbed GoldPickaxe.iOS by Group-IB” has been discovered. The malware is capable of stealing facial recognition data, identity documents, and can even intercept SMS.
The cybersecurity group also claimed that the threat actors behind the GoldDigger malware likely take advantage of face-swapping AI tools to create deepfakes based on the Face ID data. Then, using a combination of identity documents, access to SMS, and Face ID data, the hacker behind the programme can gain access to the victim's iPhone and their banking apps. The threat actors then make repeated bank transactions to steal the victim's money. As per Group-IB, this method of monetary theft was previously unseen.
It was reported that the malware was earlier distributed through the TestFlight app, which lets developers beta-test new features before rolling them out, however, it was quickly removed by Apple. Now, it is being spread through a multi-level social engineering technique which involves tricking the victims into installing a Mobile Device Management (MDM) profile.
The trojan is suspected to be connected with an organised Chinese-speaking cybercrime group and is mainly affecting Vietnam and Thailand. There is a possibility that it might spread to other regions as well. The cybersecurity group stated that it has informed Apple about the trojan, and it is likely that the iPhone maker is already in the process of creating a fix.
Catch the latest from the Consumer Electronics Show on Gadgets 360, at our CES 2026 hub.