Group-IB: GoldDigger Banking Trojan Targets Vietnamese Organizations

Published: 23/11/2024   Category: security


The malware uses the Virbox Protector software to evade detection and to make itself difficult to analyze.



Group-IB discovered an Android Trojan in August targeting more than 50 financial organizations in Vietnam that it has dubbed GoldDigger.
The Trojan has been active since June, when Group-IB's intelligence unit identified more than 10 fake websites impersonating Google Play Store pages.
GoldDigger's primary goal is to steal banking credentials. When first installed and launched, it abuses the Accessibility Service to steal personal information and intercept SMS messages. The malware avoids detection by disguising itself as a fake Android application, impersonating a Vietnamese government portal as well as an energy company through at least two different variants.
The analysis published by Group-IB noted that GoldDigger uses Virbox Protector, which helps the malware evade detection and makes it difficult to analyze. The use of Virbox by Trojans targeting banking information is a rising trend, with two other active Android Trojans using the same methods in the Asia-Pacific region.
These Trojans seek to infect as many devices as possible and gain access to user accounts, Group-IB stated. The most effective way to combat them is with client-side fraud protection solutions that offer multiple benefits. These include real-time protection, adaptability to evolving threats and, most importantly, the ability to rely on behavioral indicators to protect customers, the researchers noted.
Group-IB contacted the Vietnam Computer Emergency Response Team to inform it of the findings, including technical information and indicators of compromise. Group-IB has also notified customers of this threat.
At the moment, GoldDigger is primarily focusing on targets in Vietnam, stated Anh Le, Group-IB's business development manager in Vietnam. However, Group-IB's Threat Intelligence team found that, in addition to Vietnamese, the malware included language translations to Spanish and traditional Chinese. The cybercriminals may have plans to further extend GoldDigger's reach to Spanish and Chinese-speaking countries in the near future.
