Android Trojan "GoldDigger" is rapidly emptying the wallets of Vietnamese users

CarderPlanet

No text message can hide from an advanced digital thief.

Cybersecurity researchers have discovered a new Android Trojan that targets banking apps, dubbed "GoldDigger". Its goal is to attack financial applications to steal victims' funds and provide remote access to infected devices.

According to Group-IB, the malware attacks more than 50 Vietnamese banks, electronic and crypto wallets. There are also suggestions that the Trojan may expand its presence to a wider area of the Asia-Pacific region, as well as to Spanish-speaking countries.

The Trojan was first detected in August 2023, although there is every reason to believe that it has been active since June. The researchers named it "GoldDigger" after the "GoldActivity" activity found in the analyzed APK file.

Although the exact scale of the infection is currently unknown, malicious apps have been found to impersonate a Vietnamese government portal and an energy company, requesting all sorts of permissions to achieve their data collection goals.

Detected instances of "GoldDigger", like much other Android malware, abuse the system's accessibility services in order to gain even more privileges on the infected device. The Trojan allows attackers to interact with the targeted financial applications, extract information from them (including credentials), intercept SMS messages, and perform other malicious actions.

Granting permissions to the malware also allows it to fully track user actions and view bank account balances, capture two-factor authentication (2FA) codes and log keystrokes, and facilitates remote access to the device.

The attack vectors spreading "GoldDigger" use fake websites posing as legitimate Google Play Store pages, as well as fake corporate websites in Vietnam.

"GoldDigger" is one of many Android banking Trojans that have appeared over the past few months. Group-IB emphasized in its report that GoldDigger uses an advanced protection mechanism based on the Virbox Protector software, which allows the Trojan to evade detection and complicates analysis of the malware.

Malicious programs aimed at stealing users' funds pose a serious threat to financial security. To avoid fraud, it is important to be careful when installing any applications, paying special attention to the permissions granted. Vigilance and discretion are the key to keeping your finances safe.
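The abuse pattern the post describes (an app that has an accessibility service enabled and also holds SMS or overlay permissions, installed from outside the Play Store) is something a responder can check for on a suspect handset. The script below is an added example for this thread, not code from Group-IB or from the post: it parses the output shape of three real adb commands (`settings get secure enabled_accessibility_services`, `pm list packages -3 -i`, `dumpsys package`), but all sample output, package names, service names and the trusted-installer list are constructed for the example and are not GoldDigger indicators.

```python
"""Triage check for accessibility-service abuse on an Android device.

Added example, not Group-IB's or the post's code. The parsers follow the
output shape of real adb commands; every sample value below is constructed.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`:
# colon-separated "<package>/<service class>" entries.
ENABLED_A11Y = (
    "com.example.screenreader/.ReaderService:"
    "com.sample.sideloaded/.HelperService"
)

# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps + installer).
PM_LIST = """\
package:com.example.screenreader  installer=com.android.vending
package:com.sample.sideloaded  installer=null
"""

# Constructed, trimmed `adb shell dumpsys package <pkg>` excerpts keyed by package.
DUMPSYS = {
    "com.example.screenreader": """\
  requested permissions:
    android.permission.INTERNET
""",
    "com.sample.sideloaded": """\
  requested permissions:
    android.permission.INTERNET
    android.permission.RECEIVE_SMS
    android.permission.READ_SMS
    android.permission.SYSTEM_ALERT_WINDOW
  runtime permissions:
    android.permission.READ_SMS: granted=true
""",
}

# Assumption for this check: only Google Play counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Permissions that, combined with an accessibility service, match the
# SMS-interception / overlay / credential-theft pattern described above.
RISKY_PERMISSIONS = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.SYSTEM_ALERT_WINDOW",
    "android.permission.REQUEST_INSTALL_PACKAGES",
}


@dataclass
class Finding:
    package: str
    installer: Optional[str]
    services: list
    risky_permissions: set = field(default_factory=set)
    reasons: list = field(default_factory=list)


def parse_enabled_services(raw: str) -> dict:
    """Map package -> list of enabled accessibility service classes."""
    out: dict = {}
    for entry in raw.strip().split(":"):
        if "/" in entry:
            pkg, svc = entry.split("/", 1)
            out.setdefault(pkg, []).append(svc)
    return out


def parse_installers(raw: str) -> dict:
    """Map package -> installer package; None when adb reports 'null'."""
    out: dict = {}
    for m in re.finditer(r"^package:(\S+)\s+installer=(\S+)", raw, re.M):
        out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out


def parse_requested_permissions(dump: str) -> set:
    """Collect names from the 'requested permissions:' block only."""
    perms, in_block = set(), False
    for line in dump.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_block = True
        elif in_block and s.endswith(":"):
            break  # next section header (e.g. 'runtime permissions:')
        elif in_block and s:
            perms.add(s)
    return perms


def triage(a11y_raw: str, pm_raw: str, dumpsys: dict) -> list:
    """Flag third-party apps with an enabled accessibility service that are
    sideloaded or that also request SMS/overlay/install permissions."""
    installers = parse_installers(pm_raw)
    findings = []
    for pkg, services in parse_enabled_services(a11y_raw).items():
        if pkg not in installers:
            continue  # not a third-party app (absent from the -3 listing)
        inst = installers[pkg]
        risky = parse_requested_permissions(dumpsys.get(pkg, "")) & RISKY_PERMISSIONS
        reasons = []
        if inst not in TRUSTED_INSTALLERS:
            reasons.append("accessibility service enabled on a sideloaded app")
        if risky:
            reasons.append("accessibility service plus " + ", ".join(sorted(risky)))
        if reasons:
            findings.append(Finding(pkg, inst, services, risky, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(ENABLED_A11Y, PM_LIST, DUMPSYS):
        print(f.package, f.installer, f.services, sorted(f.risky_permissions))
        for r in f.reasons:
            print("  -", r)
```

On a real device, replace the three constructed samples with the captured command output; a legitimate screen reader from the Play Store that requests no SMS or overlay permissions is intentionally not flagged, so the check produces a short list worth looking at rather than every accessibility app on the phone.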
 

Teacher

Group-IB specialists discovered the first iOS Trojan "GoldDigger" for stealing biometric data

What once seemed like a distant future has now become the present, and creating deepfakes is no longer exotic know-how.

A new Trojan for iOS and Android, GoldPickaxe, uses social engineering to trick victims into scanning their faces and identity documents, which are then used to create deepfakes and gain unauthorized access to bank accounts.

The malware is just one part of a toolkit developed by the Chinese group GoldFactory and, according to researchers from Group-IB, so far these attacks are mainly aimed at the Asia-Pacific region.

At the same time, the methods can be effective all over the world, which raises concerns that other malware strains will start using them.

Distribution of GoldPickaxe began in October 2023 and continues to this day.

Victims are approached through phishing, SMS, or messages in the LINE app that mimic government agencies or popular services.

The Trojan is so clever that, once installed on a mobile device, it disguises itself as a government application and works semi-autonomously, manipulating functions in the background, capturing the victim's face, intercepting incoming SMS messages, and requesting identity documents.

At the same time, it proxies network traffic through the infected device using MicroSocks. It uses WebSocket and HTTP to communicate with its C2.

According to experts, the Android version of the Trojan has more features and a wider range of malicious capabilities than the iOS one, owing to Apple's stricter security requirements.

However, GoldFactory is actively developing the malware, and new versions are expected to be released in the near future.

• Source: https://www.group-ib.com/blog/goldfactory-ios-trojan/