New Banking Trojan "GoldDigger" Spreads via Fake Mobile Apps
Summary
A sophisticated Android banking trojan dubbed "GoldDigger" has been discovered in fake cryptocurrency and banking applications on third-party app stores.
Threat Analysis
GoldDigger Banking Trojan Analysis
Malware Overview: GoldDigger is a newly discovered Android banking trojan that targets over 300 financial applications worldwide. It combines credential theft with real-time transaction manipulation.
Distribution Methods:
- Fake cryptocurrency trading apps
- Cloned banking applications
- Malicious APKs distributed via SMS
Capabilities:
- Overlay attacks on banking apps
- SMS interception for OTP theft
- Screen recording during transactions
- Remote device control
- Crypto wallet address substitution
Technical Analysis: GoldDigger uses advanced obfuscation techniques and detects emulator environments to evade analysis. It communicates with C2 servers using encrypted channels.
Protection Measures:
1. Download apps only from official stores
2. Verify app publisher authenticity
3. Use mobile security solutions
4. Enable Google Play Protect
5. Review app permissions carefully
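To make "review app permissions carefully" concrete for the capabilities listed above, here is an added static-triage example (not from the advisory or any real GoldDigger sample) that scans a decoded AndroidManifest.xml for the permission pattern an overlay-plus-OTP-stealing trojan needs. The permission-to-capability mapping and the sample manifest are this example's own assumptions.

```python
"""Static triage of a decoded AndroidManifest.xml for the permission
combination behind overlay attacks, SMS/OTP interception and remote control."""
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Manifest permissions mapped to the capabilities described above.
# The mapping is this example's assumption, not taken from the advisory.
USES_PERMISSION_FLAGS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay attacks",
    "android.permission.RECEIVE_SMS": "SMS interception (OTP theft)",
    "android.permission.READ_SMS": "SMS interception (OTP theft)",
    "android.permission.REQUEST_INSTALL_PACKAGES": "drops further APKs",
}
ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml: str) -> dict:
    """Return {capability: [evidence, ...]} found in the manifest."""
    root = ET.fromstring(manifest_xml)
    findings = {}
    for perm in root.iter("uses-permission"):
        name = perm.get(ANDROID + "name", "")
        if name in USES_PERMISSION_FLAGS:
            findings.setdefault(USES_PERMISSION_FLAGS[name], []).append(name)
    # An accessibility service is a <service> guarded by BIND_ACCESSIBILITY_SERVICE;
    # banking trojans abuse it to read screens and drive the device remotely.
    for svc in root.iter("service"):
        if svc.get(ANDROID + "permission") == ACCESSIBILITY:
            findings.setdefault("remote device control (accessibility)", []).append(
                svc.get(ANDROID + "name", "?"))
    return findings

def is_suspicious(findings: dict) -> bool:
    """Overlay permission combined with SMS access or an accessibility
    service matches the trojan profile above; ordinary wallet or banking
    apps rarely need that combination."""
    return "overlay attacks" in findings and (
        "SMS interception (OTP theft)" in findings
        or "remote device control (accessibility)" in findings)

# Constructed sample manifest for demonstration (not a real malware sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakewallet">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Crypto Wallet">
    <service android:name=".A11yService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    result = triage_manifest(SAMPLE_MANIFEST)
    for capability, evidence in result.items():
        print(f"{capability}: {', '.join(evidence)}")
    print("suspicious:", is_suspicious(result))
```

A decoded manifest can be obtained from an APK with apktool or `aapt dump xmltree`; the script only reads the XML and never runs the app.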