securityonline.info 7/17/2026, 4:27:24 PM · external

GoldPickaxe Trojan Steals Biometrics, Logins via KuaiBo Phishing

GoldPickaxe Trojan Steals Biometrics, Logins via KuaiBo Phishing
CyberSIXT Evidence Panel
Primary Source zimperium.com
Threat Actor
🇨🇳 GoldFactory

THE GoldPickaxe banking Trojan, attributed to the Chinese-speaking crime group GoldFactory, targets users of mobile banking and finance apps primarily in Southeast Asia. It spreads via phishing sites mimicking the KuaiBo streaming app. Once installed, it employs advanced techniques, including using a dropper app that associates with a second payload to evade detection.

GoldPickaxe can capture biometric data, bank logins, SMS messages, and significantly compromise user security through keylogging, remote control, and unauthorized data injection. The campaign has impacted users in multiple countries, including Indonesia and Malaysia. To protect against such threats, users are advised to download apps only from official sources and avoid sharing sensitive data with untrusted apps.

View Primary Source Via securityonline.info

Article by CyberSIXT