COMING SOON | Intermediate

GoldPickaxe: The First iOS Trojan Stealing Your Face

A mobile-first intrusion against a retail bank's managed iPhone fleet. A relationship officer is socially engineered into installing a fake government app through Apple TestFlight and trusting a rogue MDM profile, handing GoldFactory full control of the device. The GoldPickaxe.iOS trojan harvests identity documents and a facial-recognition video, intercepts SMS, and exfiltrates over three split channels: an RSA-encrypted HTTP API, a WebSocket command channel, and an RTMP face-video stream, all to enable AI face-swap fraud against the bank's facial verification. Reconstruct the chain from mobile-threat-defense, MDM, and perimeter firewall telemetry.

45m
7 tasks
50 points
Free

Launches Friday, July 3, 2026 at 9:00 AM

Training Tools

SIEM, Firewall

What you'll investigate

7 objectives unlock when this operation goes live.

1. Incident brief
2. Find the delivery host
3. Recover the trojan's file indicator
4. Identify the data-upload command-and-control host
5. Separate the face-video upload from the command channels
6. Classify the runtime-code fetch
7. Classify the encrypted-upload technique

GoldPickaxe: The First iOS Trojan Stealing Your Face — Coming Soon | SOCSimulator