GoldDigger, a newly discovered Android Trojan, is distributed as a fraudulent Android application and has been found spoofing both a Vietnamese government portal and a local energy provider.
The Trojan has been active since at least June 2023, and its primary objective is to steal banking credentials.
It abuses the Android Accessibility Service to steal personal data, intercept SMS traffic, and perform other actions on the user's behalf. The Trojan also gives its operators remote access to the infected device.
Researchers from Group-IB's Threat Intelligence team discovered the Trojan while it was targeting Vietnamese financial institutions. GoldDigger is one of three Android Trojans currently operating in the Asia-Pacific region.
Tactics Of The GoldDigger Trojan
One of GoldDigger's key characteristics is its use of Virbox Protector, a commercial application-protection solution. The protector significantly hinders both static and dynamic malware analysis and helps the Trojan evade detection.
As with other banking Trojans, the primary objective is to infect as many devices as possible and gain access to the victims' accounts.
By default, every Android device blocks the installation of apps from unofficial sources; APKs from outside the Google Play Store can only be installed once the "Install from Unknown Sources" feature has been enabled.
GoldDigger therefore requires this feature to be enabled on the victim's device before it can be downloaded and installed.
When launched, the GoldDigger Trojan prompts the user to enable the Accessibility Service. Android's accessibility features are designed to make mobile devices easier to use for people with disabilities.
These services include speech-to-text, screen reading, magnification, gesture-based controls, and haptic feedback. Unfortunately, many banking Trojans, such as Gustuff and Gigabud, abuse this capability.
“Granting Accessibility Service permissions to GoldDigger enables it to gain full visibility into user actions and interact with user interface elements. This means it can see the victim’s balance, harvest the second credential issued for two-factor authentication, and implement keylogging functions, allowing it to capture credentials”, researchers said.
GoldDigger's Accessibility privileges give it a range of invasive capabilities, including the ability to replicate user actions, which provides remote access to the device and effectively a backdoor into the user's system.
It can unlock the device's screen and bypass authentication, including two-factor authentication, which allows GoldDigger to initiate payments from what the bank regards as a trusted device.
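The two preconditions described above, sideloading with "Install from Unknown Sources" enabled and a granted Accessibility Service, are both visible to a defender through ordinary adb output. The following triage script is an added example (it is not code from the article or from Group-IB): it parses the text of `adb shell pm list packages -3 -i` (third-party packages with their installer) and `adb shell settings get secure enabled_accessibility_services`, and flags any third-party package that was not installed by a trusted store yet currently holds an enabled accessibility service. The sample captures, the package names, and the trusted-installer list are constructed assumptions for the example.

```python
"""
Triage helper: flag sideloaded Android packages that hold an enabled
Accessibility Service. Parses text captured from two adb commands:
    adb shell pm list packages -3 -i
    adb shell settings get secure enabled_accessibility_services
The sample captures below are constructed for this example.
"""
import re

# Installers treated as trusted app stores (assumption for this example:
# Google Play and the Samsung Galaxy Store).
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Constructed sample of `pm list packages -3 -i` output. Package names are
# made up for illustration; "installer=null" is how pm reports a sideloaded app.
SAMPLE_PM_LIST = """\
package:com.bank.official  installer=com.android.vending
package:com.example.utility  installer=com.android.vending
package:com.fake.govportal  installer=null
"""

# Constructed sample of `settings get secure enabled_accessibility_services`:
# a colon-separated list of <package>/<service class> entries.
SAMPLE_ENABLED_A11Y = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.fake.govportal/.OverlayAccessibilityService"
)

_PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_pm_list(text: str) -> dict:
    """Map package name -> installer package (None when pm reports 'null')."""
    result = {}
    for line in text.splitlines():
        m = _PM_LINE.match(line.strip())
        if not m:
            continue  # skip blank lines or anything that is not a package entry
        installer = m.group("installer")
        result[m.group("pkg")] = None if installer == "null" else installer
    return result


def parse_enabled_services(text: str) -> set:
    """Return the set of package names that own an enabled accessibility service."""
    pkgs = set()
    for entry in text.strip().split(":"):
        if "/" in entry:
            pkgs.add(entry.split("/", 1)[0])
    return pkgs


def find_suspicious(pm_text: str, a11y_text: str) -> list:
    """Third-party packages that were NOT installed by a trusted store and
    currently hold Accessibility Service privileges. Returns (pkg, installer)
    tuples sorted by package name."""
    installers = parse_pm_list(pm_text)
    a11y_pkgs = parse_enabled_services(a11y_text)
    flagged = []
    for pkg in sorted(a11y_pkgs):
        if pkg not in installers:
            continue  # not a third-party package (e.g. preinstalled screen reader)
        if installers[pkg] not in TRUSTED_INSTALLERS:
            flagged.append((pkg, installers[pkg]))
    return flagged


if __name__ == "__main__":
    for pkg, installer in find_suspicious(SAMPLE_PM_LIST, SAMPLE_ENABLED_A11Y):
        print(f"REVIEW: {pkg} (installer={installer}) holds an enabled accessibility service")
```

On a real device the two captures are taken with the adb commands named in the docstring and passed to `find_suspicious`. A hit is a lead, not a verdict: legitimate screen readers and automation tools also use the Accessibility Service, so the flagged package should be checked against the installer, its signing certificate, and where the APK came from. Note that the installer name reported by `pm` is recorded at install time and should be treated as a hint rather than proof of origin.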
Recommendation
The best defense against malware of this kind is a client-side fraud prevention solution.
Its most important advantage is the ability to rely on behavioral indicators to protect customers; it also provides real-time protection and adapts to evolving threats.