iOS Malware Steals Facial Recognition Data and Targets Bank Details

By Sophia Taylor

In the ongoing debate of iPhone versus Android security, it’s commonly accepted that Apple’s devices offer superior protection. However, recent findings challenge this notion, revealing that even iPhones are vulnerable to sophisticated cyberattacks. A startling new investigation has unveiled a perilous trojan that exploits iPhones, compromising users’ banking information by stealing facial recognition data.

Unprecedented iOS Malware Discovery

The discovery, made by cybersecurity experts at Group-IB, marks a rare breach in iOS security. This advanced mobile trojan, specifically engineered to infiltrate iOS devices, has been caught collecting facial recognition data and personal identification documents, and intercepting text messages. The finding is particularly alarming for iPhone users who have long believed their devices to be impenetrable.

This malware variant, originally identified on Android platforms, brings to light the unsettling reality that iPhone security is not infallible. The core of the iPhone’s security, including Face ID, remains uncompromised: the trojan does not break the biometric system itself. Instead, it captures facial data from the device, which is then manipulated with an AI-powered face-swapping service to create deepfake images. These fabricated images, together with intercepted SMS messages, allow the attackers to gain unauthorized access to victims’ banking accounts.

Group-IB has characterized this method as a novel and previously unseen approach to financial theft, highlighting the sophistication and creativity of modern cybercriminals. The primary targets of these attacks have been located in the Asia-Pacific region, but the threat is global.

Evolving Tactics and Distribution Methods

The attackers initially distributed the trojan through Apple’s TestFlight, a platform for distributing beta versions of apps. After this pathway was closed, they adapted, employing social engineering to deceive users into installing a malicious Mobile Device Management (MDM) profile. Such a profile grants the attackers complete control over the device, significantly compromising user security.

"Installing apps via TestFlight or MDM profiles bypasses App Store vetting, increasing risks of malware exposure. Always verify the developer's credibility and app's purpose."

Russell Kent-Payne, Co-Founder of Certo
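Before trusting a configuration profile, a user or help desk can open the .mobileconfig file and see exactly what it asks for. The following Python script is an added example, not code from the article, Group-IB or Certo: it uses the standard plistlib module to parse an unsigned profile, reports who issued it, and flags whether it carries a com.apple.mdm enrollment payload and which management rights (AccessRights bits) that payload requests. The embedded sample profile is constructed for illustration, its URLs and identifiers are made up, and the bit labels are a subset of the AccessRights flags documented in Apple's MDM protocol reference.

```python
"""Triage an iOS configuration profile (.mobileconfig) before it is trusted.

Added example (not code from the article, Group-IB or Certo). A profile is a
property list; an MDM enrollment is a payload of type com.apple.mdm inside it.
"""
import plistlib
import xml.parsers.expat

# Subset of the AccessRights bit flags of a com.apple.mdm payload, as defined
# in Apple's MDM protocol reference. Labels are descriptive, not Apple's text.
MDM_ACCESS_RIGHTS = {
    1: "inspect installed configuration profiles",
    2: "install and remove configuration profiles",
    4: "device lock and passcode removal",
    8: "device erase",
    16: "query device information",
    4096: "app management (install/remove apps)",
}


def parse_profile(data: bytes) -> dict:
    """Parse a plain (unsigned) profile into a dict.

    Signed profiles are CMS (PKCS#7) envelopes around the plist: unwrap them
    and verify the signer first; plistlib cannot read the envelope directly.
    """
    try:
        profile = plistlib.loads(data)
    except (plistlib.InvalidFileException, xml.parsers.expat.ExpatError) as exc:
        raise ValueError("not a plain property list (CMS-signed, or not a profile)") from exc
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        raise ValueError("plist is not a top-level Configuration profile")
    return profile


def is_plain_profile(data: bytes) -> bool:
    """True if data parses as an unsigned Configuration profile."""
    try:
        parse_profile(data)
    except ValueError:
        return False
    return True


def triage_profile(data: bytes) -> dict:
    """Summarise who issued the profile and what it would let a server do."""
    profile = parse_profile(data)
    payloads = profile.get("PayloadContent", [])
    report = {
        "display_name": profile.get("PayloadDisplayName"),
        "organization": profile.get("PayloadOrganization"),
        "identifier": profile.get("PayloadIdentifier"),
        "payload_types": [p.get("PayloadType") for p in payloads],
        "mdm": None,
    }
    for payload in payloads:
        if payload.get("PayloadType") != "com.apple.mdm":
            continue
        rights = int(payload.get("AccessRights", 0))
        report["mdm"] = {
            "server_url": payload.get("ServerURL"),
            "access_rights": rights,
            # Decode the bits we know; anything else is reported as a raw mask.
            "rights": [label for bit, label in MDM_ACCESS_RIGHTS.items() if rights & bit],
            "unknown_bits": rights & ~sum(MDM_ACCESS_RIGHTS),
        }
    return report


def verdict(report: dict) -> str:
    """One-line conclusion a user or help desk can act on."""
    mdm = report["mdm"]
    if mdm is None:
        return "no MDM enrollment payload; installs settings only"
    return (f"MDM enrollment to {mdm['server_url']} run by "
            f"{report['organization'] or 'an unnamed organization'}; "
            f"requests: {', '.join(mdm['rights']) or 'no decoded rights'}")


# Constructed sample resembling a lure profile; every value below is made up.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadDisplayName</key><string>Mobile Banking Security Update</string>
  <key>PayloadOrganization</key><string>Constructed Example Bank</string>
  <key>PayloadIdentifier</key><string>com.example.constructed.profile</string>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000001</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>PayloadIdentifier</key><string>com.example.constructed.mdm</string>
      <key>PayloadUUID</key><string>00000000-0000-4000-8000-000000000002</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>ServerURL</key><string>https://mdm.example.invalid/mdm</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>Topic</key><string>com.apple.mgmt.constructed</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict>
</plist>
"""

if __name__ == "__main__":
    print(verdict(triage_profile(SAMPLE_PROFILE)))
```

Run against a profile a "bank" sends over chat or e-mail, the script shows the enrollment server and the rights being granted; a legitimate bank does not enroll customer phones in MDM, so any com.apple.mdm payload in such a profile is reason to refuse installation. A profile that fails to parse because it is signed is not automatically safe: the signer still has to be one the user actually has a relationship with.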

Protective Measures for iPhone Users

This incident serves as a stark reminder of the evolving landscape of cyber threats and the need for vigilance among iPhone users. It underscores the importance of scrutinizing the origins of the apps and profiles installed on devices and highlights the sophistication of techniques used by cybercriminals to gain unauthorized access to sensitive information.

As we navigate this digital age, staying informed and cautious is paramount for safeguarding our digital identities and financial security.