Group-IB alerts about the increasing threat of Android Trojans in the APAC region.

Cybersecurity company Group-IB has observed a notable surge in cyber threats within the Asia-Pacific (APAC) region. The attacks are primarily carried out by a sophisticated Android Trojan named ‘GoldDigger,’ which targets users of more than 50 Vietnamese banking and wallet applications with the core objective of stealing funds.

GoldDigger employs multifaceted tactics, including masquerading as a Vietnamese government tax portal and an energy company, utilizing Android’s Accessibility service to harvest data and purloin user credentials. The malware also leverages Virbox Protector for advanced obfuscation and encryption techniques, making detection and prevention challenging. Nevertheless, Group-IB’s Fraud Protection system has proven effective in identifying and countering GoldDigger’s activities.


[Image] GoldDigger Profile Analysis. Image source: Group-IB


This Trojan, which has been active since June 2023, utilizes the Android Accessibility service to exfiltrate sensitive data and manipulate user interfaces. It mimics user actions, intercepts confidential SMS messages, and exfiltrates credentials from banking applications. The number of affected devices and the amount of stolen funds are yet to be determined.

More than ten counterfeit websites have been identified, posing as Google Play Store pages and company websites, enticing users to download GoldDigger. The Trojan’s distribution may involve messengers or conventional phishing techniques.

Anh Le, Group-IB’s Business Development Manager in Vietnam, has pointed out that while GoldDigger currently focuses on Vietnam, the malware incorporates translations for Spanish and traditional Chinese, suggesting potential expansion into Spanish and Chinese-speaking regions in the near future.

For protection against Trojans like GoldDigger, Group-IB advises users to maintain updated mobile devices, exclusively download applications from the Google Play Store, and scrutinize post-download permission requests. Group-IB’s Fraud Protection solution enhances corporate security through machine learning algorithms, flagging suspicious behavior and the presence of malware like GoldDigger.
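The two conditions the article highlights, an app installed from outside the Google Play Store and an app holding an enabled Accessibility service, can be checked together on a device. The script below is an added triage example, not Group-IB's code; it parses the output of two real `adb shell` commands (`settings get secure enabled_accessibility_services` and `pm list packages -3 -i`), and the sample output embedded here is constructed with made-up package names.

```python
"""Flag sideloaded apps that hold an enabled Accessibility service (GoldDigger-style abuse)."""
from __future__ import annotations
import re
import shutil
import subprocess

PLAY_STORE_INSTALLER = "com.android.vending"

# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# (colon-separated "package/ServiceClass" entries).
SAMPLE_ENABLED_A11Y = ("com.example.tax.portal/com.example.tax.portal.AssistService:"
                       "com.example.screenreader/com.example.screenreader.ReaderService")
# Constructed sample of `adb shell pm list packages -3 -i` (third-party apps + installer).
SAMPLE_PACKAGES = """package:com.example.tax.portal  installer=null
package:com.example.screenreader  installer=com.android.vending
package:com.example.bank  installer=com.android.vending
"""

def parse_accessibility(setting: str) -> set[str]:
    """Package names that currently have an Accessibility service enabled."""
    return {entry.split("/", 1)[0] for entry in setting.strip().split(":") if entry}

def parse_installers(listing: str) -> dict[str, str | None]:
    """Map third-party package name -> installer package (None when sideloaded/unknown)."""
    pattern = re.compile(r"^package:(\S+)\s+installer=(\S+)")
    installers: dict[str, str | None] = {}
    for line in listing.splitlines():
        match = pattern.match(line.strip())
        if match:
            pkg, installer = match.groups()
            installers[pkg] = None if installer == "null" else installer
    return installers

def flag_suspicious(setting: str, listing: str) -> list[str]:
    """Third-party apps with an enabled Accessibility service not installed by Play Store.
    System apps are outside the `-3` listing, so they are deliberately not reported."""
    a11y = parse_accessibility(setting)
    installers = parse_installers(listing)
    return sorted(p for p in a11y if p in installers and installers[p] != PLAY_STORE_INSTALLER)

def collect_from_device() -> list[str]:
    """Run the same check against a USB-attached device when adb is available."""
    if shutil.which("adb") is None:
        raise RuntimeError("adb not found; use flag_suspicious() on saved command output")
    run = lambda *a: subprocess.run(["adb", "shell", *a], capture_output=True, text=True).stdout
    return flag_suspicious(run("settings", "get", "secure", "enabled_accessibility_services"),
                           run("pm", "list", "packages", "-3", "-i"))

if __name__ == "__main__":
    print(flag_suspicious(SAMPLE_ENABLED_A11Y, SAMPLE_PACKAGES))  # ['com.example.tax.portal']
```

A hit is a starting point for a closer look at the app, not proof of infection, since legitimate accessibility tools are sometimes sideloaded as well.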

Group-IB’s Threat Intelligence unit persists in its efforts to investigate, prevent, and combat digital crime, reinforcing its standing as a leading innovator in cybersecurity technology. Their defense strategies continue to evolve, delivering comprehensive protection against contemporary cyber threats.
