Cybercriminals are stealing iOS users' face scans to break into mobile banking accounts

2024-02-15 14:00

Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts - thought to be a world first.

iOS target Android and iOS respectively, tricking users into performing biometric verification checks that are ultimately used to bypass the same checks employed by legitimate banking apps in Vietnam and Thailand - the geographic focus of these ongoing attacks.

Once the biometrics scans were captured, attackers then used these scans, along with deepfake software, to generate models of the victim's face.

Attackers would download the target banking app onto their own devices and use the deepfake models, along with the stolen identity documents and intercepted SMS messages, to remotely break into victims' banks.

"GoldFactory is a resourceful team, having many tricks up their sleeve: impersonation, accessibility keylogging, fake banking websites, fake bank alerts, fake call screens, identity, and facial recognition data collection," said the researchers.

Attackers can send fake alerts to app users warning them that 3 million BAT has been transferred out of their account and to contact their bank if the transaction wasn't authorized.

News URL

https://go.theregister.com/feed/www.theregister.com/2024/02/15/cybercriminals_stealing_face_id/

#banking #cybercriminal #IOS #mobile