The method — developed by a China-based hacking family — is believed to have been used in Vietnam earlier this month, when attackers lured a victim into a malicious app, tricked them into scanning their face, then withdrew the equivalent of $40,000 from their bank account.
These hackers “have introduced a new category of malware families that specialize in harvesting facial recognition data,” Sharmine Low, malware analyst in Group-IB’s Asia-Pacific (APAC) threat intelligence team, wrote in a blog post. “They have also developed a tool that facilitates direct communication between victims and cybercriminals posing as legitimate bank call centers.”
A Whole New Fraud Technique
Face swap deepfake attacks increased by 704% between the first and second halves of 2023, according to a new iProov Threat Intelligence Report. The biometric authentication company also discovered a 672% increase in the use of deepfake media alongside spoofing tools and a 353% increase in the use of emulators (which mimic user devices) and spoofing to launch digital injection attacks.
Furthermore, “cybercriminals are becoming increasingly creative and adept at social engineering,” Low writes. “By exploiting human psychology and trust, bad actors construct intricate schemes that can deceive even the most vigilant users.”
VentureBeat has the full story, including recommendations to help users avoid biometric attacks.