Group-IB, a cybersecurity firm, has discovered malware designed to steal funds from financial organizations and crypto wallets in Vietnam.
In a blog post on Oct. 4, Group-IB said Android devices are the primary targets of the GoldDigger trojan. It is distributed through false versions of the Vietnamese government application on the Google Play Store.
The malware abuses the Android Accessibility service to steal personal information, passwords, and banking credentials, intercept SMS messages, and mimic user actions.
Group-IB says the malware has been active since at least June 2023 and is protected with Virbox Protector, which provides advanced obfuscation and encryption.
Chinese and Spanish versions of GoldDigger have also been identified, indicating that the trojan may soon be active in these countries.
Group-IB advises Android users to avoid downloading apps from outside the Google Play Store and to check the permissions an application requests after downloading.