Security News > 2023 > October > GoldDigger Android trojan targets Vietnamese banking apps, code contains hints of wider targets
Singapore-based infosec outfit Group-IB on Thursday released details of a new Android trojan that exploits the operating system's accessibility features to steal info that enables theft of personal information.
The security research outfit wrote that the trojan, named GoldDigger, currently targets Vietnamese banking apps - but includes code suggesting its developers plan wider attacks.
Once installed, GoldDigger requests access to Android's Accessibility Service - the feature designed to assist users with disabilities by allowing apps to interact with each other and modify the user interface.
Permission to use the Accessibility Service means GoldDigger can monitor and manipulate a device's functions and view personal information such as banking app credentials and the content of SMS messages, and send that info to command-and-control servers.
A code snippet found by the researchers suggests the malware attempts to bypass two factor authentication, and is designed to fool banking apps that it is making legitimate transactions.
"We have not confirmed that the Trojan operators use these capabilities at the time of writing. However, based on the behavior of other known Trojans similar to GoldDigger, we don't think they differ significantly," explained Group-IB. "We are definitely observing a significant increase in the Android malware strains abusing the Accessibility Service. For Android malware trends, there is a noticeable shift away from the traditional use of web fakes," Sharmine Low, malware analyst at Group-IB, told The Register.