
GoldPickaxe: The First iOS Trojan Stealing Your Face
A mobile-first intrusion against a retail bank's managed iPhone fleet. A relationship officer is socially engineered into installing a fake government app through Apple TestFlight and trusting a rogue MDM profile, handing GoldFactory full control of the device. The GoldPickaxe.iOS trojan harvests identity documents and a facial-recognition video, intercepts SMS, and exfiltrates over three split channels: an RSA-encrypted HTTP API, a WebSocket command channel, and an RTMP face-video stream, all to enable AI face-swap fraud against the bank's facial verification. Reconstruct the chain from mobile-threat-defense, MDM, and perimeter firewall telemetry.
Launches tomorrow
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever