No SMS can evade a sophisticated digital thief.
"GoldDigger" is the name of a new Android Trojan that targets banking apps, according to security researchers. Its objective is to attack financial applications in order to steal money from victims and give infected devices remote access.
The malware targets more than 50 Vietnamese banks, electronic wallets, and cryptocurrency wallets, as Group-IB pointed out. Additionally, there are rumors that the Trojan could spread to Spanish-speaking nations and a larger portion of the Asia-Pacific region.
Although there is good evidence to suggest that the Trojan has been active since June, it wasn't discovered until August 2023. Researchers gave it the name "GoldDigger" in honor of a particular "GoldActivity" activity they discovered in the APK file they were analyzing.
The malicious apps have been found to impersonate a Vietnamese government portal and an energy company, asking for a variety of permissions to fulfill their data collection objectives even though the exact scope of the infection is currently unknown.
Like a lot of other Android malware, the detected GoldDigger instances take advantage of system accessibility services to extend their privileges on the infected device. The Trojan gives attackers access to targeted financial applications, allowing them to interact with them, extract data from them—including credentials—intercept SMS messages, and carry out other nefarious tasks.
Giving malware access also enables it to fully monitor user activity, view bank account balances, log keystrokes, capture two-factor authentication (2FA) codes, and enable remote device access.
The attack vectors used to spread "GoldDigger" include fake corporate websites in Vietnam and false websites masquerading as official Google Play Store pages.
One of the many Trojans that have surfaced recently that target Android banking apps is GoldDigger. In the report, Group-IB emphasized that GoldDigger employs a unique advanced protection mechanism using the software program Virbox Protector, allowing the Trojan to avoid detection and posing challenges for malware analysis.
Malicious programs aimed at stealing user funds pose a serious threat to financial security. To avoid being scammed, it is important to be careful when installing any applications, paying particular attention to the permissions given. Vigilance and prudence are the key to keeping your finances safe.