Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system's accessibility features to steal data that enables the theft of personal information.
The security research outfit wrote that the trojan, named GoldDigger, currently targets Vietnamese banking apps – but includes code suggesting its developers plan wider attacks. Between June 2023, when it first spotted GoldDigger, and late August, Group-IB identified 51 financial institution applications targeted by the trojan. The security firm is unsure how many devices have been infected, or how much money has been stolen.
The malware makes its way onto devices after users visit fake websites that manipulate them into downloading the app. Once installed, GoldDigger requests access to Android's Accessibility Service – the feature designed to help users with disabilities by allowing apps to interact with each other and modify the user interface.
Permission to use the Accessibility Service means GoldDigger can view and manipulate a device's functions and read personal information such as banking app credentials and the content of SMS messages, and send that data to command-and-control servers. A code snippet found by the researchers suggests the malware attempts to bypass two-factor authentication, and is designed to fool banking apps into believing it is making legitimate transactions.
"We have not confirmed that the Trojan operators use these capabilities at the time of writing. However, based on the behaviour of other known Trojans similar to GoldDigger, we don't think they differ significantly," explained Group-IB.
"We are definitely seeing a significant increase in the Android malware strains abusing the Accessibility Service. For Android malware trends, there is a noticeable shift away from the traditional use of web fakes," Sharmine Low, malware analyst at Group-IB, told The Register. Low said using the Accessibility Function was a "much more invasive approach compared to generating individual web fake files for each specific target."
GoldDigger's developers have left clues that their ambitions may reach beyond Vietnam. The malware includes translations in Chinese and Spanish, suggesting that countries where those languages are spoken may be next in line as targets.
One way the security firm noted the malware could be prevented – aside from the usual checking for updates, watching out for unusual permission requests and adopting fraud protection services – is to keep the "Install from Unknown Sources" setting disabled by default on Android devices. Only if the setting is enabled can APKs from sources outside the Google Play Store be installed. ®
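The two settings the article singles out (which accessibility services are enabled, and whether an app is allowed to install packages from outside the Play Store) are both readable from a device over `adb shell`. The following script is an added example written for this page, not code from Group-IB or from the article: it parses the output of `settings get secure enabled_accessibility_services` (colon-separated, flattened Android ComponentNames, or `null` when none are enabled) and of `appops get <package> REQUEST_INSTALL_PACKAGES`, and flags any accessibility service that is not on an allowlist. The allowlist contents and the two sample device outputs are constructed for the example; the exact `appops` line format is assumed to match recent Android builds.

```python
"""Audit an Android device for the two settings GoldDigger-style trojans rely on:
an enabled accessibility service the user did not expect, and an app that is
allowed to side-load APKs ("Install from Unknown Sources").

Added example for this article; the device outputs below are constructed.
"""
from __future__ import annotations

import re
from typing import Optional

# Assumption: an organisation's allowlist of accessibility services that are
# expected on a managed device, in flattened ComponentName form (package/class).
EXPECTED_ACCESSIBILITY_SERVICES = {
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService",
}


def parse_enabled_accessibility_services(raw: str) -> list[str]:
    """Parse the value printed by `adb shell settings get secure enabled_accessibility_services`.

    Entries are separated by ':'; each is 'package/class'. Android allows the
    shorthand '.Class' for a class inside the package, which is expanded here so
    that comparisons against the allowlist are exact. 'null' means none enabled.
    """
    raw = raw.strip()
    if not raw or raw == "null":
        return []
    services: list[str] = []
    for entry in raw.split(":"):
        entry = entry.strip()
        if not entry:
            continue
        pkg, sep, cls = entry.partition("/")
        if sep and cls.startswith("."):
            cls = pkg + cls  # expand '.OverlayService' -> 'pkg.OverlayService'
        services.append(f"{pkg}/{cls}" if sep else pkg)
    return services


def unexpected_accessibility_services(raw: str,
                                      allowlist: set[str] = EXPECTED_ACCESSIBILITY_SERVICES) -> list[str]:
    """Return every enabled accessibility service that is not on the allowlist."""
    return [s for s in parse_enabled_accessibility_services(raw) if s not in allowlist]


_APPOPS_RE = re.compile(r"^REQUEST_INSTALL_PACKAGES:\s*(\w+)")


def parse_install_packages_mode(raw: str) -> Optional[str]:
    """Parse `adb shell appops get <pkg> REQUEST_INSTALL_PACKAGES`.

    Returns the op mode ('allow', 'deny', 'ignore', 'default') or None when the
    device reports 'No operations.' (the app has never been granted the op).
    """
    for line in raw.splitlines():
        m = _APPOPS_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def audit(accessibility_raw: str, appops_by_pkg: dict[str, str]) -> list[str]:
    """Produce human-readable findings for the two checks."""
    findings = []
    for svc in unexpected_accessibility_services(accessibility_raw):
        findings.append(f"unexpected accessibility service enabled: {svc}")
    for pkg, raw in appops_by_pkg.items():
        if parse_install_packages_mode(raw) == "allow":
            findings.append(f"package may install from unknown sources: {pkg}")
    return findings


# Constructed sample outputs standing in for real `adb shell` results.
SAMPLE_ACCESSIBILITY = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService"
    ":com.example.sideloaded/.OverlayService"
)
SAMPLE_APPOPS = {
    "com.android.chrome": "REQUEST_INSTALL_PACKAGES: default; time=+5d2h10m",
    "com.example.sideloaded": "REQUEST_INSTALL_PACKAGES: allow; time=+1h3m",
    "com.example.clean": "No operations.",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCESSIBILITY, SAMPLE_APPOPS):
        print(finding)
```

On a real device the two inputs come from `adb shell settings get secure enabled_accessibility_services` and `adb shell appops get <package> REQUEST_INSTALL_PACKAGES`, run for each installed package; a non-empty findings list is the signal to inspect the named package before it is allowed to stay on the device.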