Over 50 Vietnamese banking, cryptocurrency wallet, and e-wallet applications have been targeted in attacks involving the new GoldDigger Android banking trojan since June, reports The Hacker News.
Attackers have spoofed a Vietnamese government site and energy firm in creating malicious apps laced with GoldDigger, which exploits the accessibility services of Android to facilitate personal data and banking app credential exfiltration, SMS message and two-factor authentication interception, keystroke logging, and remote device access, according to a Group-IB report.
All GoldDigger samples were also found to feature the Virbox Protector anti-detection software that presents static and dynamic malware analysis challenges. While researchers noted that successful compromise with GoldDigger is dependent on the activation of "Install from Unknown Sources" option in Android devices, threat actors could expand attacks with the malware.
"There are indications that this threat might be poised to extend its reach across the wider [Asia-Pacific] region and to Spanish-speaking countries," said researchers.
