THE GoldPickaxe banking Trojan, attributed to the Chinese-speaking crime group GoldFactory, targets users of mobile banking and finance apps primarily in Southeast Asia. It spreads via phishing sites mimicking the KuaiBo streaming app. Once installed, it employs advanced techniques, including using a dropper app that associates with a second payload to evade detection.
GoldPickaxe can capture biometric data, bank logins, SMS messages, and significantly compromise user security through keylogging, remote control, and unauthorized data injection. The campaign has impacted users in multiple countries, including Indonesia and Malaysia. To protect against such threats, users are advised to download apps only from official sources and avoid sharing sensitive data with untrusted apps.