An Android trojan like this one, which is available on the Play Store, has emptied everyone’s bank account. It is distributed through fake versions of a Vietnamese government application on the Google Play Store, and cybersecurity researchers at Group-IB have named it the GoldDigger Android trojan.
The malicious software found its way into devices through two distinct applications: one posing as an official Vietnamese government portal and the other as an energy company’s app.
Granting access to the Accessibility Service allows GoldDigger to observe and control various functions of a device, enabling it to access sensitive information like banking app credentials and the contents of SMS messages.
This stolen data is then sent to command-and-control servers. Researchers have uncovered a code snippet indicating that the malware makes an effort to bypass two-factor authentication and is specifically engineered to deceive banking apps by making them believe that it’s conducting legitimate transactions.
If you look at this GoldDigger Android trojan, you’ll find that it has received quite a number of positive reviews and a high ranking, all of which are entirely fake.
The malware leverages the Android Accessibility service to sneakily snatch personal data, passwords, and banking information, intercept SMS messages, and simulate user interactions.
According to Group-IB, this malicious software has been in operation since at least June 2023, and it is shielded by Virbox Protector, which offers sophisticated techniques for hiding and encrypting its code.
Although we don’t know exactly how the attackers did it, experts believe they probably reached out to their targets using methods like social media and email.
They then guided these individuals to about twelve fake websites that looked like the Google Play Store, where they were encouraged to download the app.
Group-IB stated:
“As of our current knowledge, we haven’t verified whether the operators of the Trojan are actively utilizing these capabilities. Nevertheless, judging from the patterns seen in other Trojans akin to GoldDigger, we believe that their usage might not deviate significantly.”
We can’t determine the exact number of individuals who were deceived and lost their funds, but the message remains consistent: download apps only from trustworthy sources and stay cautious with links and attachments sent via email.
These days, we need to be very cautious because we use our mobile phones for everything. Our privacy and bank details are at risk because scam apps can quickly steal our data, much as password-protected WinRAR files are used as a malware trap today.
How to Protect Yourself from the GoldDigger Android Trojan:
Here are simple steps to protect yourself from the GoldDigger Android trojan:
- Use Antivirus Software: Install and keep your antivirus software updated. It helps detect and remove malware, like the GoldDigger trojan.
- Download from Trusted Sources: Only get apps from trusted places like the Google Play Store to avoid risky downloads.
- Check App Permissions: Review app permissions before installing. If they seem unnecessary, think twice about installing the app.
- Be Wary of Links: Be cautious with the links you click on, especially in emails and texts. They might lead to websites with malware.
- Keep Software Updated: Regularly update your device’s operating system and apps. Updates often fix security issues and protect against vulnerabilities.
- Enable Two-Factor Authentication: Add an extra layer of security to your Google account by using two-factor authentication. It requires a code from your phone in addition to your password.
- Remove GoldDigger: If you suspect your device has GoldDigger, try removing it with your antivirus software. In some cases, you may need to factory reset your device if the malware is stubborn.
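GoldDigger depends on the Accessibility Service and on apps pushed from fake Play Store pages, so the permission check above can be made concrete by listing which enabled accessibility services belong to apps that did not come from a trusted installer. The following is an added example, not code from Group-IB or from this article; the package name `com.example.govportal` and both sample outputs are constructed, and treating only `com.android.vending` (the Play Store) as trusted is an assumption.

```python
"""Flag enabled accessibility services whose app has no trusted installer.

Inputs are the text printed by two real adb commands:
  adb shell settings get secure enabled_accessibility_services
  adb shell pm list packages -i
"""
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store only

# Constructed sample output (not captured from a real device).
SAMPLE_SETTINGS = ("com.google.android.marvin.talkback/"
                   "com.google.android.marvin.talkback.TalkBackService:"
                   "com.example.govportal/com.example.govportal.HelperService\n")
SAMPLE_PM = ("package:com.google.android.marvin.talkback  installer=com.android.vending\n"
             "package:com.example.govportal  installer=null\n")

def parse_enabled_services(settings_output):
    """Split the colon-separated `package/class` list into (package, component)."""
    text = settings_output.strip()
    if not text or text == "null":      # setting unset: no services enabled
        return []
    return [(c.split("/", 1)[0], c) for c in text.split(":") if "/" in c]

def parse_installers(pm_output):
    """Map package name -> installer package (None when absent or 'null')."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                installer = field[len("installer="):]
        name = fields[0][len("package:"):]
        installers[name] = None if installer in (None, "null") else installer
    return installers

def flag_services(settings_output, pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (component, installer) for services outside the trusted installers."""
    installers = parse_installers(pm_output)
    findings = []
    for package, component in parse_enabled_services(settings_output):
        installer = installers.get(package)
        if installer not in trusted:
            findings.append((component, installer or "unknown/sideloaded"))
    return findings

if __name__ == "__main__":
    for component, installer in flag_services(SAMPLE_SETTINGS, SAMPLE_PM):
        print(f"REVIEW: {component} (installer: {installer})")
```

Preinstalled services also report no installer, so compare any hit against `adb shell pm list packages -s` before treating it as suspicious. An installer check says nothing about a malicious app that was installed from the Play Store itself.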