Group-IB: GoldDigger Banking Trojan Targets Vietnamese Organizations

The malware uses software to evade detection while also making it difficult to analyze.

Group-IB discovered an Android Trojan in August targeting more than
50 financial organizations
in Vietnam that its dubbed GoldDigger.
The Trojan has been active since June, when Group-IBs intelligence unit identified more than 10 fake websites impersonating Google Play Store pages.
GoldDiggers primary goal is to steal banking credentials. When first installed and launched, it abuses the Accessibility Service to steal personal information and intercept SMS messages. The malware avoids detection by
disguising itself as a false Android application
, impersonating a Vietnamese government portal as well as an energy company through at least two different variants.
The
analysis published by Group-IB
noted that GoldDigger uses Virbox Protector, which allows the malware to evade detection and make it difficult to analyze. The use of Virbox by these Trojans targeting
banking information is a rising trend
, with two other active Android Trojans using these same methods in the Asia-Pacific region.
These Trojans seek to infect as many devices as possible and gain access to user accounts, Group-IB stated. The most effective way to combat them is with client-side fraud protection solutions that offer multiple benefits. These include real-time protection, adaptability to evolving threats and, most importantly, the ability to rely on behavioral indicators to protect customers, the researchers noted.
Group-IB contacted the Vietnam Computer Emergency Response Team to inform them of their findings, including technical information and indicators of compromise. Group-IB has also notified customers of this threat.
At the moment, GoldDigger is primarily focusing on targets in Vietnam, stated Anh Le, Group-IBs business development manager in Vietnam. However, Group-IBs Threat Intelligence team found that, in addition to Vietnamese, the malware included language translations to Spanish and traditional Chinese. The cybercriminals may have plans to further extend GoldDiggers reach to Spanish and Chinese-speaking countries in the near future.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Group-IB: GoldDigger Banking Trojan Targets Vietnamese Organizations