Face ID Scans Stolen to Break Into Bank Accounts in Vietnam and Thailand
-
Cybercriminals are using malware to steal Face ID scans and break into bank accounts in Vietnam and Thailand. This is the first known case of stolen Face ID being used this way.
-
The attackers distributed trojanized apps masquerading as official government apps to trick users into providing biometric data.
-
Once they had the biometrics, they used deepfake software to simulate the victim's face and bypass facial recognition protections on banking apps.
-
The attacks exploited new facial recognition requirements mandated for certain financial transactions in Thailand and forthcoming in Vietnam.
-
The malware was created by a sophisticated cybercrime group called GoldFactory that has a history of developing customized Android and iOS trojans for financial fraud.