

Oct 05, 2023 | Newsroom | Mobile Security / Crypto


A new Android banking trojan named GoldDigger has been discovered targeting a number of financial applications with the aim of siphoning victims' funds and backdooring infected devices.

“The malware targets more than 50 Vietnamese banking, e-wallet and crypto wallet applications,” Group-IB said. “There are indications that this threat might be poised to extend its reach across the wider APAC region and to Spanish-speaking countries.”

The malware was first detected by the Singapore-headquartered company in August 2023, although there is evidence to suggest that it has been active since June 2023.


While the exact scale of the infections is currently not known, the malicious apps have been found to impersonate a Vietnamese government portal and an energy company to request intrusive permissions to meet their data-gathering goals.

This primarily involves abusing Android’s accessibility services, which are intended to help users with disabilities use apps, in order to interact with the targeted apps and extract personal information, steal banking app credentials, intercept SMS messages, and perform various user actions.


Granting permissions to the malware also allows it to gain full visibility into user actions and view bank account balances, capture two-factor authentication (2FA) codes, and log keystrokes, as well as facilitate remote access to the device.

Attack chains distributing GoldDigger leverage fake websites impersonating Google Play Store pages and counterfeit corporate websites in Vietnam, raising the possibility that these links are propagated to victims via smishing or traditional phishing tactics.


However, the success of the campaign hinges on the victim enabling the “Install from Unknown Sources” option, which allows the installation of arbitrary apps from outside the official storefront.
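
The two conditions described above, an app installed from outside the official store that also holds an enabled accessibility service, can be checked on a device during triage. The following is an added example, not code from Group-IB or the original article; the adb output formats, the trusted-installer list and the sample package names are assumptions constructed for illustration.

```python
# Added example: flag sideloaded packages that own an enabled accessibility service.
# Inputs are text captured from two adb commands (output formats are assumed):
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i

TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed sample data, not taken from a real device or a GoldDigger sample.
SAMPLE_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.gov.portal/com.example.gov.portal.HelperService"
)
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.gov.portal  installer=null
package:com.example.notes  installer=null
"""

def parse_accessibility(setting):
    """Return the package names that own an enabled accessibility service."""
    setting = setting.strip()
    if not setting or setting == "null":
        return set()
    # Entries are colon-separated components of the form package/ServiceClass.
    return {comp.split("/", 1)[0] for comp in setting.split(":") if comp}

def parse_installers(listing):
    """Map package name -> installer package (None when no installer is recorded)."""
    installers = {}
    for line in listing.splitlines():
        fields = line.strip().removeprefix("package:").split()
        if not line.strip().startswith("package:") or not fields:
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field.split("=", 1)[1]
                installer = None if value in ("", "null") else value
        installers[fields[0]] = installer
    return installers

def suspicious_packages(a11y_setting, package_listing):
    """Packages with an enabled accessibility service and no trusted installer.
    A package missing from the listing is also flagged, since its origin is unknown."""
    installers = parse_installers(package_listing)
    holders = parse_accessibility(a11y_setting)
    return sorted(p for p in holders if installers.get(p) not in TRUSTED_INSTALLERS)

if __name__ == "__main__":
    print(suspicious_packages(SAMPLE_A11Y, SAMPLE_PACKAGES))
```

Preinstalled system apps can also report no installer, so hits are leads for manual review, not a verdict.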

GoldDigger is one of several Android banking trojans that have surfaced over just the past few months, adding to an already large number of similar tools currently circulating in the wild.

“One of the main features of GoldDigger is its use of an advanced protection mechanism,” the company noted in a report shared with The Hacker News.

“Virbox Protector, a legitimate software identified in all discovered samples of GoldDigger, allows the Trojan to significantly complicate both static and dynamic malware analysis and evade detection. This presents a challenge in triggering malicious activity in sandboxes or emulators.”
