
First-ever iPhone trojan steals facial recognition data to access bank accounts – should you worry about it?

Published Feb 16th, 2024 7:26AM EST

There’s a first for everything, and that includes an iOS trojan that steals facial recognition* data to access your bank accounts and steal from them. This banking trojan was originally created to attack Android users and has now been modified to target iPhones as well.

This trojan was revealed in a new report from Group-IB (via Tom’s Guide). Basically, this iPhone trojan collects facial recognition data and identity documents, and intercepts SMS. The researchers explain that “to exploit the stolen biometric data, the threat actor utilizes AI-driven face-swapping services to create deepfakes. This data, combined with ID documents and the ability to intercept SMS, enables cybercriminals to gain unauthorized access to the victim’s banking account – a new technique of monetary theft previously unseen by Group-IB researchers in other fraud schemes.”

Initially, this iPhone trojan used TestFlight to exploit users. After Apple removed the malware, the threat actor created a scheme to persuade victims to install a Mobile Device Management (MDM) profile, which allowed the threat actor to gain complete control over the victim’s device.

Should I worry about this iPhone trojan?


At this moment, Group-IB says the malicious activity of this iPhone trojan is focused in the Asia-Pacific region, especially Vietnam and Thailand. Still, it doesn’t mean this malware couldn’t expand to other locations, the United States included.

Still, it’s better to be safe than sorry, so you should focus on two steps: don’t download TestFlight apps from unknown sources, and don’t install MDM profiles from unknown sources. Using your company’s MDM profile is one thing; downloading a random profile from the internet is another.

While Apple is likely working on a fix for this iPhone trojan, the best way to protect yourself is to rely on known apps and avoid downloading anything you find suspicious. With iPhone sideloading just around the corner for the European Union, you are better off staying on the App Store, even with its flaws.

*The article has been updated to highlight that facial recognition data is stolen, not Face ID data.

José Adorno Tech News Reporter

José is a Tech News Reporter at BGR. He has previously covered Apple and iPhone news for 9to5Mac, and was a producer and web editor for Latin America broadcaster TV Globo. He is based out of Brazil.