There’s a first for everything, which includes an iOS trojan that steals facial recognition* data to access your bank accounts to rip it off. This banking trojan was first created to attack Android users and is now modified to target iPhones as well.
This virus was discovered in a new report from Group-IB (via Tom’s Guide). Basically, this iPhone troajn collects facial recognition data, identity documents, and intercepts SMS. The researchers explain that “to exploit the stolen biometric data, the threat actor utilizes AI-driven face-swapping services to create deepfakes. This data, combined with ID documents and the ability to intercept SMS, enables cybercriminals to gain unauthorized access to the victim’s banking account – a new technique of monetary theft previously unseen by Group-IB researchers in other fraud schemes.”
Initially, this iPhone trojan used TestFlight to exploit users. Still, after Apple removed this malware, they created a scheme to persuade victims to install a Mobile Device Management (MDM) profile, which allowed the threat actor to gain complete control over the victim’s device.
Should I worry about this iPhone trojan?
At this moment, Group-IB says the malicious activity of this iPhone trojan is focused in the Asia-Pacific region, especially Vietnam and Thailand. Still, it doesn’t mean this malware couldn’t expand to other locations, the United States included.
Still, it’s better to be safe than sorry, so you should focus on two steps: Don’t download TestFlight apps from unknown sources or MDM profiles. One thing is to use your company’s MDM profile, the other is to download a random profile from the internet.
While Apple is likely working on a fix for this iPhone trojan, the best way to protect yourself is by relying on known apps and avoiding downloading anything that you might find suspicious. With iPhone sideloading just around the corner for the European Union, you should better stay on the App Store, even with its flaws.
*The article has been updated to highlight that facial recognition data is stolen, not Face ID data.
