Global cybersecurity firm Group-IB recently announced its discovery of GoldPickaxe, the first Trojan variant specifically engineered to target iOS users in Vietnam and Thailand. This malware is capable of harvesting facial recognition data, identity documents, and intercepting SMS messages on Apple’s iPhones. The emergence of GoldPickaxe shatters the long-held belief in the superior security of iPhones.
Concurrently, experts at Kaspersky, while monitoring their organization’s Wi-Fi network traffic using the Kaspersky Unified Monitoring and Analysis Platform (KUMA), detected an active cyberattack campaign targeting mobile phones.
Further investigation revealed that threat actors had compromised the iOS devices of dozens of company employees. Victims received iMessage texts containing attachments with a zero-click exploit. This exploit, requiring no user interaction, triggered a vulnerability that led to code execution, enabling privilege escalation and granting attackers complete control over the compromised devices.
CEO Nguyen Van Thu of Cybersecurity at BKAV Corp. highlighted several prevalent attack vectors targeting smartphones, including
- Malware, often disseminated through counterfeit applications or files downloaded from untrusted sources;
- Phishing attacks, which involve sending fraudulent messages or emails to illicitly obtain personal information or account credentials;
- Social Engineering, where attackers exploit users’ credulity or lack of awareness to gain unauthorized access.
He also pointed to the exploitation of operating system and application vulnerabilities, attacks on outdated or unpatched systems, and threats via wireless connections such as rogue Wi-Fi networks, Bluetooth, and NFC.
Recent statistics from Kaspersky reveal that its security solutions thwarted over 893 million phishing attacks in 2024, a significant 26-percent increase from the nearly 710 million incidents recorded in 2023. A multitude of online fraud schemes are designed to steal data and money or distribute malware.
Cybercriminals frequently create convincing imitations of website interfaces for popular brands like Booking.com, Airbnb, TikTok, Telegram, and various other smartphone-based platforms.
Perhaps unexpectedly, the most common threat to mobile devices is adware. Designed to aggressively display advertisements, often through pop-up windows, adware accounts for a staggering 40.8 percent of all mobile threats detected by security firms. Alongside this, spyware and eavesdropping software are often surreptitiously bundled with or embedded within numerous applications.
Cybersecurity experts therefore assert that smartphones can be even more susceptible to attacks than computers, as criminals often only need a well-crafted psychological manipulation script to trick users into installing malware themselves.
Data protection on smartphones is an area often neglected, largely due to a subjective belief that these devices are solely for personal use and do not store critical data. In reality, smartphones hold a wealth of sensitive information, including passwords, OTP codes, banking details, and work-related data.
Head Vu Ngoc Son of the Technology Committee at the National Cybersecurity Association (NCA) noted that due to digital transformation, corporate apps are on mobile platforms, making smartphones integral to company systems. Storing sensitive data like internal accounts and emails, they become prime hacker targets for launching attacks on organizational networks.
This vulnerability is, therefore, critical for personal device users. Robust smartphone protection is paramount; users should choose reputable commercial software. Free tools from non-profit organizations like NCA’s nTrust also offer malware scanning and anti-phishing support, highlighting the need for layered security on personal devices used for work.
Cybersecurity professionals warn that criminals exploit personal devices to spread malware and infiltrate corporate systems (via email, apps, VPNs), bypassing enterprise security through unmanaged devices.
CEO Nguyen Van Thu advises users to avoid unverified apps, use two-factor authentication (2FA), update OS/apps regularly, and refrain from accessing internal systems with unprotected devices. For system administrators, he stresses implementing clear personal device policies, deploying Mobile Device Management (MDM) systems, mandating security software on devices accessing corporate data, and enforcing strict network access controls and data encryption. This comprehensive approach is vital for robust enterprise security.
Numerous technological solutions feature on Resolution 57 e-Portal.
The Ministry of Science and Technology (MoST) has developed and launched the Resolution 57 Portal, which disseminates a wide array of science, technology, and innovation products and solutions, as well as digital transformation initiatives. The Resolution 57 Portal plays a crucial role in actualizing the objectives of the Politburo’s Resolution No. 57-NQ/TW dated December 22, 2024, concerning a breakthrough in the development of science, technology, innovation, and national digital transformation.
By mid-May 2025, the e-Portal received 161 product/solution proposals and 14 ideas, while publishing 103 across sectors like digital access, digital technology, agriculture, environment, education, healthcare, culture, cloud computing, transportation and logistics. The Ministry of Science and Technology, consulting the National Advisory Council, evaluates these promising innovations and digital solutions for high-impact, real-world application.
Proposal to expand sandbox application scopes
The HCMC Center for the 4th Industrial Revolution (HCMC C4IR) recently held a consultation session to gather input from business representatives and associations to inform the development of breakthrough policy proposals in the fields of science, technology, innovation, and digital transformation.
Numerous associations and businesses highlighted obstacles in technology research and application, proposing practical solutions and policies. Several opinions also underscored the necessity of implementing groundbreaking policies in the sandbox domain. Director Le Truong Duy of HCMC C4IR stated that his organization will continue to collaborate with businesses, research institutes, associations, and relevant authorities to foster an open, sustainable, and highly adaptable innovation ecosystem, contributing to the knowledge-based economic development of HCMC and the nation in general.
