Android: This Android malware that can make your bank account empty is spreading

A recently discovered Androidmalware variant is currently spreading and can be very dangerous for users. This new bug has the ability to illegally extract funds from several banking apps. In a blog post, cybersecurity researchers Group-IB confirmed that this Android trojan was detected in August. The malware is currently targeting financial organisations in Vietnam.So. Indian users shouldn’t need to worry about the malware which is codenamedGoldDigger. The security research company also noted that it has informed clients in Vietnam and beyond about its findings. Moreover, the cybersecurity company has also shared its data with VNCERT (Vietnam Computer Emergency Response Team).
How this trojan can affect users
This GoldDigger Android trojan has been active since June 2023, Group-IB claims. The malware disguises itself as a fake Android app and can impersonate both a Vietnamese government portal and a local energy company.
The main goal of the Android bug is to steal banking credentials. Just like many other Android Trojans, the malware abuses Accessibility Service to extract personal information, intercept SMS messages, and perform various user actions. GoldDigger also has a remote access capability.
How the malware remains undetectable
One of the main features of GoldDigger is its use of an advanced protection mechanism. Virbox Protector, a legitimate software, was identified in all discovered samples of GoldDigger. This software allows the trojan to significantly complicate both static and dynamic malware analysis and evade detection. This presents a challenge in triggering malicious activity in sandboxes or emulators.

The use of VirBox by banking trojans is a recent trend. As per Group-IB’s Threat Intelligence team, three Android Trojans currently active in the Asia Pacific region, including GoldDigger, are using this evasion technique.
Researchers discovered that the GoldDigger Trojan uses fake apps in Vietnamese to attack its victims. The trojan also includes language translations for Spanish and traditional Chinese. This shows that these attacks may potentially extend their reach beyond Vietnam, encompassing Spanish-speaking nations and other countries in the APAC region.
The report notes that GoldDigger spreads via fake websites disguised as Google Play pages and fake corporate websites in Vietnam. The trojan’s operators are likely distributing the links to these websites via smishing or traditional phishing methods. These websites include links that will download malicious Android apps. However, the malware needs the “Install from Unknown Sources” function to be enabled on a victim’s device to be downloaded and installed.

FOLLOW US ON GOOGLE NEWS

Read original article here

Denial of responsibility! Todays Chronic is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – todayschronic.com. The content will be deleted within 24 hours.

Leave a Comment