Cybersecurity researchers have identified a new Trojan called “Golddigger” that specifically targets Android banking applications. The Trojan’s objective is to steal victims’ information and gain remote access to infected devices.
According to Group-IB, a cybersecurity company, Golddigger has already targeted over 50 Vietnamese banks, electronic payment systems, and cryptocurrencies. There are concerns that it may expand its reach to other countries in the Asia-Pacific region, as well as Spanish-speaking countries.
The Trojan was initially detected in August 2023, but researchers believe it has been active since June. It was named “Golddigger” due to its connection to the “Goldactivity” discovered in the analyzed APK file.
While the exact extent of the infection is unknown, the malicious applications have been found to disguise themselves as a Vietnamese government portal and an energy company, tricking users into granting various permissions.
Similar to other Android malware, Golddigger exploits system capabilities to gain additional privileges on the infected device. This allows attackers to manipulate financial applications, extract sensitive information such as accounting data, intercept SMS messages, and perform other malicious actions.
The distribution of Golddigger involves fake websites impersonating legitimate pages of the Google Play store and fake corporate sites in Vietnam.
Golddigger is just one of many Trojans to target Android banking applications in recent months. Group-IB highlights that Golddigger uses the advanced protection mechanism of the Virbox Protector software solution, which makes the malware difficult to detect and analyze.
Malware targeting financial transactions poses a serious threat to financial security. To avoid falling victim to fraud, it is crucial to exercise caution when installing applications, particularly by reviewing the permissions requested. Remaining vigilant and prudent is key to safeguarding personal finances.