Group-IB: 'GoldDigger' Banking Trojan Targets Vietnamese Organizations
The malware uses protection software to evade detection and to make itself difficult to analyze.
October 5, 2023
In August, Group-IB discovered an Android Trojan, which it has dubbed GoldDigger, targeting more than 50 financial organizations in Vietnam.
The Trojan has been active since June, when Group-IB's intelligence unit identified more than 10 fake websites impersonating Google Play Store pages.
GoldDigger's primary goal is to steal banking credentials. When first installed and launched, it abuses the Accessibility Service to steal personal information and intercept SMS messages. The malware avoids detection by posing as a fake Android application; at least two different variants impersonate a Vietnamese government portal and an energy company.
The analysis published by Group-IB noted that GoldDigger uses Virbox Protector, which helps the malware evade detection and makes it difficult to analyze. The use of Virbox by Trojans that target banking information is a rising trend: two other active Android Trojans in the Asia-Pacific region use the same methods.
These Trojans seek to "infect as many devices as possible and gain access to user accounts," Group-IB stated. "The most effective way to combat them is with client-side fraud protection solutions that offer multiple benefits. These include real-time protection, adaptability to evolving threats and, most importantly, the ability to rely on behavioral indicators to protect customers," the researchers noted.
Group-IB contacted the Vietnam Computer Emergency Response Team to share its findings, including technical information and indicators of compromise. Group-IB has also notified customers of this threat.
"At the moment, GoldDigger is primarily focusing on targets in Vietnam," stated Anh Le, Group-IB's business development manager in Vietnam. "However, Group-IB's Threat Intelligence team found that, in addition to Vietnamese, the malware included language translations to Spanish and traditional Chinese. The cybercriminals may have plans to further extend GoldDigger's reach to Spanish and Chinese-speaking countries in the near future."