Over 50 Vietnamese banking, cryptocurrency wallet, and e-wallet applications have been targeted in attacks involving the new GoldDigger Android banking trojan since June, reports The Hacker News.
Attackers have spoofed a Vietnamese government site and an energy firm in creating malicious apps laced with GoldDigger, which abuses Android's accessibility services to facilitate exfiltration of personal data and banking app credentials, interception of SMS messages and two-factor authentication codes, keystroke logging, and remote device access, according to a Group-IB report.
All GoldDigger samples were also found to use Virbox Protector, anti-detection software that complicates both static and dynamic malware analysis. While researchers noted that successful compromise with GoldDigger depends on the "Install from Unknown Sources" option being enabled on the Android device, threat actors could expand attacks with the malware.
"There are indications that this threat might be poised to extend its reach across the wider [Asia-Pacific] region and to Spanish-speaking countries," said researchers.
NBC News reports that malware was used by the Chinese cyber espionage group Mustang Panda to gain access to cargo shipping companies' computer systems in Greece, the Netherlands, and Norway over a five-month period, including systems on board the cargo ships.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
Two new backdoors discovered by ESET security researchers and given the names LunarWeb and LunarMail targeted an unnamed European Ministry of Foreign Affairs and three of its Middle Eastern diplomatic missions, The Hacker News reports.