A dangerous new Android malware strain has been observed making the rounds, capable of stealing money from dozens of banking apps.
The alarm was sounded by cybersecurity researchers at Group-IB, who spotted the new campaign in June this year. In this campaign, unnamed threat actors delivered a piece of malware called GoldDigger via two separate apps: one impersonating a Vietnamese government portal and another impersonating an energy company.
The attack vector wasn’t discovered, but the researchers’ educated guess is that the attackers contacted victims via social media channels, email messages, and other usual methods. Through these channels, they steered victims to at least a dozen fake Google Play websites, where the apps were offered for download.
Accessibility and other red flags
Once on the device, the apps would do the usual and ask for the Accessibility permissions. An app that demands excessive permissions is probably the best way to spot a malicious one. If the victim grants these permissions, GoldDigger will start collecting sensitive user information, including passwords. It will then look for any of the 51 Vietnamese financial organizations’ apps, e-wallet apps, and cryptocurrency wallet apps. If it finds any, GoldDigger will seek out and exfiltrate the login data for them, essentially granting the attackers unobstructed access to the victim’s money.
One thing that makes GoldDigger unique, the researchers further explained, is Virbox Protector, a piece of integrated software used for obfuscation and encryption. While Virbox Protector itself is generally legitimate, it’s being used for nefarious purposes, making cybersecurity researchers’ jobs that much more difficult.
There is no way of knowing exactly how many people fell for the trick and lost their money. Still, the warning is always the same – only download apps from legitimate sources and always be suspicious of links and attachments coming in through the mail.
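The two red flags above (an app that holds Accessibility access and did not come from a legitimate store) can be checked together on a device. The following is an added example, not code from Group-IB or this article: it parses the captured output of `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i -3` and lists third-party apps with an enabled accessibility service that Google Play did not install. The sample input and package names are constructed for illustration.

```python
import re

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

def enabled_accessibility_packages(setting_value):
    """Packages named in `settings get secure enabled_accessibility_services`."""
    value = setting_value.strip()
    if value in ("", "null"):
        return set()
    # The setting is a colon-separated list of "package/ServiceClass" components.
    return {comp.split("/", 1)[0] for comp in value.split(":") if comp}

def third_party_installers(pm_output):
    """Map package -> installer from `pm list packages -i -3` (None if unknown)."""
    result = {}
    for line in pm_output.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            result[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return result

def sideloaded_accessibility_apps(setting_value, pm_output, trusted=(PLAY_STORE,)):
    """Third-party apps with accessibility enabled and an untrusted installer."""
    installers = third_party_installers(pm_output)
    flagged = []
    for pkg in sorted(enabled_accessibility_packages(setting_value)):
        if pkg not in installers:
            continue  # absent from the -3 listing: preinstalled system package
        if installers[pkg] not in trusted:
            flagged.append((pkg, installers[pkg]))
    return flagged

# Constructed sample data; the com.example.* package names are hypothetical.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakeportal/com.example.fakeportal.HelperService:"
    "com.example.passwordmgr/.AutofillService"
)
SAMPLE_PM = """package:com.example.fakeportal  installer=null
package:com.example.passwordmgr  installer=com.android.vending
package:com.example.game  installer=com.android.packageinstaller
"""

if __name__ == "__main__":
    for pkg, installer in sideloaded_accessibility_apps(SAMPLE_SETTING, SAMPLE_PM):
        print(f"review: {pkg} (installer={installer})")
```

A flagged package is a prompt for review, not a verdict: legitimately sideloaded accessibility tools will appear in the same list.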