A new Android Trojan called “GoldDigger” has been found by security researchers. This Trojan aims to secretly gather user information, including credentials for banking apps, in order to hack into and drain their accounts. It has been active since at least June 2023 and is currently targeting over 50 Vietnamese banking apps, as well as e-wallets and crypto-wallets.
The malware has translations in multiple languages, suggesting plans for expansion in Asia, Europe, and South America. Users typically receive a phishing email with links to a fake Google Play page or a phishing site impersonating a different brand. The Trojan itself is disguised as an Android app pretending to be a Vietnamese government portal or energy company. Once installed, GoldDigger requests access to the Android Accessibility Service, allowing it to monitor and manipulate the device’s functions.
The Trojan steals sensitive information such as banking app passwords, intercepts SMS messages, and sends the stolen data to a command-and-control server. Its developers also use a legitimate obfuscation tool to make the malware difficult for researchers to reverse engineer. Group-IB, the organization that discovered GoldDigger, warns that the malware may expand its reach to Spanish- and Chinese-speaking countries. Users are advised to keep their mobile devices updated, avoid downloading apps from unofficial sources, and check the permissions requested by downloaded apps.
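The advice above can be turned into a device audit: list third-party apps that hold an enabled Accessibility Service but were not installed by Google Play. The following is an added example, not code from Group-IB or the article. It assumes the two inputs were captured with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -3 -i`; the package names and the trusted-installer list are constructed for illustration.

```python
import re

# Assumption: only Google Play counts as a trusted installer on this fleet.
TRUSTED_INSTALLERS = {"com.android.vending"}

# Constructed sample outputs (not taken from a real device or from the article).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.govportal/.PortalService:"
    "com.example.reader/.ReadAloudService"
)
SAMPLE_LISTING = """\
package:com.example.govportal  installer=null
package:com.example.reader  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
"""

def parse_accessibility(setting):
    """Map package name -> list of enabled accessibility service classes."""
    services = {}
    value = setting.strip()
    if value in ("", "null"):  # the setting reads "null" when nothing is enabled
        return services
    for component in value.split(":"):
        pkg, _, cls = component.partition("/")
        if pkg and cls:
            services.setdefault(pkg, []).append(cls)
    return services

def parse_installers(listing):
    """Map third-party package name -> installer package (None if sideloaded)."""
    installers = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return installers

def sideloaded_accessibility_apps(setting, listing):
    """Return (package, installer, services) for apps worth a manual review."""
    installers = parse_installers(listing)
    findings = []
    for pkg, classes in sorted(parse_accessibility(setting).items()):
        if pkg not in installers:  # absent from the -3 listing: preinstalled app
            continue
        if installers[pkg] not in TRUSTED_INSTALLERS:
            findings.append((pkg, installers[pkg], classes))
    return findings

if __name__ == "__main__":
    for pkg, installer, classes in sideloaded_accessibility_apps(SAMPLE_SETTING, SAMPLE_LISTING):
        print(f"REVIEW {pkg} installer={installer} services={classes}")
```

A hit is a prompt for review, not proof of infection: legitimately sideloaded accessibility tools will also appear.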