2023-10-05

A new Android banking trojan called GoldDigger has been discovered. It targets various financial applications with the aim of stealing funds from victims and enrolling infected devices in a botnet.

Unfortunately, these types of attacks have become increasingly frequent recently, as the Zanubis and Nexus cases show.

GoldDigger, where it came from and why it was created

“The malware targets more than 50 Vietnamese banking applications, e-wallets and crypto wallets”, experts from Group-IB stated. “There are indications that this [cyber] threat may be poised to extend its reach to Asia-Pacific regions and Spanish-speaking countries as well”.

The malware was first detected by the Singapore-based company in August 2023, though there is evidence to suggest it has been active since June 2023.

While it is not currently known exactly how many infections there are around the world, the malicious applications have been found to pose as a Vietnamese government portal and as an energy company in order to request invasive permissions and achieve their data-collection goals, a technique known in hacking jargon as “fake login”.

This mainly involves abuse of the Android accessibility services, which are intended to assist users with disabilities in using apps, with the purpose of interacting with the targeted apps to extract personal information, steal banking app credentials, intercept SMS messages, and perform various actions on the user's behalf.

Granting these permissions also gives the malware complete visibility into user actions, essentially spying on what the user does online: in this case viewing bank account balances, capturing two-factor authentication (2FA) codes and logging keystrokes, as well as facilitating remote access to the device.

The series of attacks featuring the GoldDigger malware relies on fake websites posing as Google Play Store pages and on (obviously fake) websites of companies in Vietnam, and these links are most likely spread to victims through traditional smishing or phishing tactics.

However, the success of the campaign depends on the victim enabling the “Install from unknown sources” option, which allows the installation of arbitrary apps from outside the official store (yes, paradoxically, a minimum of Android knowledge helps one fall for it).
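The two mechanisms described above, accessibility-service abuse and sideloading with “Install from unknown sources”, can be combined into a simple device-triage heuristic. The script below is an added example, not code from the article or from Group-IB: it flags enabled accessibility services that belong to third-party packages with no recorded installer (what `pm list packages -3 -i` reports as `installer=null`, i.e. sideloaded). The sample device output and the package `com.example.energyportal` are constructed for illustration.

```shell
#!/bin/sh
# Added triage heuristic (not from the article or Group-IB): flag enabled
# accessibility services owned by sideloaded third-party packages. Input
# formats follow `settings get secure enabled_accessibility_services`
# and `pm list packages -3 -i` as printed by Android's shell tools.

# $1: colon-separated enabled services (<pkg>/<ServiceClass>, or "null")
# $2: output of `pm list packages -3 -i` ("package:<pkg>  installer=<src>")
# Prints each flagged package name on its own line.
flag_sideloaded_a11y() {
    services=$1
    pkglist=$2
    [ "$services" = null ] && return 0
    oldifs=$IFS
    IFS=':'
    set -- $services          # split the service list on ':'
    IFS=$oldifs
    for svc in "$@"; do
        [ -z "$svc" ] && continue
        pkg=${svc%%/*}        # drop the /ServiceClass part
        installer=$(printf '%s\n' "$pkglist" |
            sed -n "s/^package:${pkg} *installer=//p")
        # Packages absent from the third-party list are system apps: skip.
        # "null" means no installer package was recorded, i.e. sideloaded.
        [ "$installer" = null ] && printf '%s\n' "$pkg"
    done
    return 0
}

# Run against a connected device via adb (strips CRs from adb shell output).
run_on_device() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 2; }
    flag_sideloaded_a11y \
        "$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')" \
        "$(adb shell pm list packages -3 -i | tr -d '\r')"
}

# Constructed sample output: TalkBack installed from Google Play plus a
# hypothetical sideloaded app posing as an energy-company portal.
SAMPLE_SERVICES='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.energyportal/com.example.energyportal.AccessService'
SAMPLE_PKGS='package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.energyportal  installer=null'

flag_sideloaded_a11y "$SAMPLE_SERVICES" "$SAMPLE_PKGS"   # prints com.example.energyportal
```

A hit is a starting point for investigation, not proof of infection: legitimate apps installed from an APK will also match, so check the package's origin and the permissions it holds.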

GoldDigger is one of numerous Android banking trojans that have emerged in recent months, adding to the already large number of similar tools currently circulating on the internet.

“One of the main features of GoldDigger is the use of an advanced protection mechanism”, the cybersecurity company Group-IB announced in a recent report.

“Virbox Protector, legitimate software identified in all discovered GoldDigger samples, allows the trojan to significantly complicate both static and dynamic malware analysis and avoid detection. This presents a challenge in causing malicious activity in sandboxes or emulators”.

Conclusion

Even though this campaign has affected countries in the Asia-Pacific region, that does not mean similar things cannot happen here too. Downloading from unknown sources on Android is fine, but always pay attention to the source, since not all sources are safe.