Gaining Accessibility Permissions: Once installed on a victim's device, the fraudulent apps followed a predictable pattern: they asked the user to enable an Accessibility Service for them. Android's accessibility API lets an app read whatever is on screen and perform taps and text input on the user's behalf, which is exactly why a banking trojan wants it and why an unexpected request for it is a crucial warning sign that an app may be malicious. Granting it was a grave mistake, since that single approval gave GoldDigger everything it needed to begin its operation.
The GoldDigger Operation: GoldDigger's primary objective was to harvest sensitive user information, passwords included. It then scanned the device for a specific set of target apps: the apps of 51 Vietnamese financial organizations, e-wallet apps, and cryptocurrency wallet apps. If any of these was found, GoldDigger captured the login data entered into it and exfiltrated it, giving the attackers unrestricted access to the victim's financial resources.
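The two traits described so far, a declared Accessibility Service and a hard-coded list of targeted financial apps, are both visible statically once an APK has been unpacked. The script below is an added example, not code from the original report or from GoldDigger itself: it checks a decoded AndroidManifest.xml (the form apktool produces) for a service bound to the accessibility API, and pulls dotted package-name strings out of the dex string pool while dropping framework prefixes, so the remaining names are candidates for the app's target list. The manifest, the string blob and every package name in them are constructed for illustration.

```python
"""Static triage of a decoded Android manifest plus dex strings.

Added example; not code from the original page or from the malware.
Both inputs are constructed samples, not real GoldDigger artifacts.
"""
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
BIND_ACCESSIBILITY = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Prefixes that belong to the platform or common libraries, not to targets.
FRAMEWORK_PREFIXES = (
    "android.", "androidx.", "java.", "javax.", "kotlin.", "kotlinx.",
    "dalvik.", "org.apache.", "com.google.android.",
)
# Java-style package names: at least three lower-case dotted segments.
PACKAGE_RE = re.compile(rb"\b[a-z][a-z0-9_]*(?:\.[a-z][a-z0-9_]*){2,}\b")

# Constructed sample: a decoded manifest declaring an accessibility service.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.fakegovapp">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Gov Services">
    <activity android:name=".MainActivity"/>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
  </application>
</manifest>
"""

# Constructed sample of a dex string pool (NUL-separated), with framework
# names mixed in alongside invented target package names.
SAMPLE_DEX_STRINGS = (
    b"\x00Landroid/view/View;\x00androidx.core.app\x00java.lang.String"
    b"\x00vn.example.bankone.mobile\x00vn.example.banktwo.app"
    b"\x00com.example.ewallet\x00io.example.cryptowallet"
    b"\x00com.example.fakegovapp\x00"
)


def find_accessibility_services(manifest_xml: str) -> list[str]:
    """Return names of <service> elements bound to the accessibility API."""
    root = ET.fromstring(manifest_xml)
    hits = []
    for svc in root.iter("service"):
        name = svc.get(f"{{{ANDROID_NS}}}name", "?")
        perm = svc.get(f"{{{ANDROID_NS}}}permission")
        actions = {a.get(f"{{{ANDROID_NS}}}name") for a in svc.iter("action")}
        if perm == BIND_ACCESSIBILITY or ACCESSIBILITY_ACTION in actions:
            hits.append(name)
    return hits


def find_candidate_targets(dex_strings: bytes, own_package: str) -> list[str]:
    """Return third-party package names found in the string pool, in order."""
    seen: list[str] = []
    for m in PACKAGE_RE.finditer(dex_strings):
        pkg = m.group().decode()
        if pkg == own_package or pkg.startswith(FRAMEWORK_PREFIXES):
            continue
        if pkg not in seen:
            seen.append(pkg)
    return seen


def triage(manifest_xml: str, dex_strings: bytes) -> dict:
    """Combine both checks into one report for an unpacked APK."""
    own_package = ET.fromstring(manifest_xml).get("package", "")
    return {
        "package": own_package,
        "accessibility_services": find_accessibility_services(manifest_xml),
        "candidate_targets": find_candidate_targets(dex_strings, own_package),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_MANIFEST, SAMPLE_DEX_STRINGS).items():
        print(f"{key}: {value}")
```

On a real sample the manifest comes from apktool's decoded output and the string pool from the dex file (or simply from `strings` over it); an app that declares an accessibility service and also carries dozens of bank and wallet package names it has no business knowing deserves a close look.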
The Deceptive Twist: What distinguishes GoldDigger from other threats is its use of Virbox Protector, a legitimate commercial tool for code obfuscation and encryption. Here the attackers turned it to malicious ends: a packed sample keeps its real code encrypted until runtime, which hampers static analysis and complicates the work of security researchers trying to understand and detect it.
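A packed APK tends to have a recognisable shape even before any unpacking: a classes.dex that is little more than a loader stub, next to native libraries whose bytes look like random data because they hold the encrypted payload. The script below is an added example and a generic packer heuristic, not a Virbox Protector signature and not code from the original page; the size and entropy thresholds are assumptions, and the two APKs it inspects are built in memory for illustration.

```python
"""Heuristic packer check for an APK: a near-empty classes.dex beside
high-entropy native libraries.

Added example; generic heuristic, not a Virbox Protector signature.
Thresholds are assumptions and both APKs are constructed in memory.
"""
import io
import math
import random
import zipfile
from collections import Counter

DEX_STUB_MAX = 64 * 1024   # assumed: a loader-only dex is tiny
HIGH_ENTROPY = 7.2         # assumed: bits per byte, 8.0 is the maximum


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def assess_apk(apk_bytes: bytes) -> dict:
    """Size up the dex code and the entropy of every bundled native library."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        dex_size = 0
        libs: dict[str, float] = {}
        for info in zf.infolist():
            name = info.filename
            if name.endswith(".dex") and "/" not in name:
                dex_size += info.file_size          # classes.dex, classes2.dex, ...
            elif name.startswith("lib/") and name.endswith(".so"):
                libs[name] = round(shannon_entropy(zf.read(info)), 2)
    packed_libs = [p for p, e in libs.items() if e >= HIGH_ENTROPY]
    return {
        "dex_bytes": dex_size,
        "lib_entropy": libs,
        "high_entropy_libs": packed_libs,
        "suspect_packed": dex_size <= DEX_STUB_MAX and bool(packed_libs),
    }


def build_apk(entries: dict[str, bytes]) -> bytes:
    """Build a minimal zip that has an APK's layout (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


_rng = random.Random(2024)  # fixed seed so the sample is reproducible

# Constructed "packed" APK: stub dex plus a random-looking native library
# standing in for an encrypted payload.
PACKED_APK = build_apk({
    "AndroidManifest.xml": b"<binary manifest placeholder>",
    "classes.dex": b"dex\n035\0" + b"\0" * 2048,
    "lib/arm64-v8a/libloader.so": _rng.randbytes(8192),
})

# Constructed "clean" APK: a sizeable dex and a low-entropy native library.
CLEAN_APK = build_apk({
    "AndroidManifest.xml": b"<binary manifest placeholder>",
    "classes.dex": b"dex\n035\0" + bytes(range(256)) * 1024,
    "lib/arm64-v8a/libnative.so": b"\x7fELF" + b"\x90" * 4096,
})


if __name__ == "__main__":
    for label, apk in (("packed", PACKED_APK), ("clean", CLEAN_APK)):
        print(label, assess_apk(apk))
```

Treat a hit as a reason to run the sample dynamically and dump the decrypted dex from memory, not as proof of malice on its own: plenty of legitimate apps ship packed, and plenty of native libraries are legitimately compressed. The check earns its place as a first-pass triage step that tells you static analysis of classes.dex alone will not show you the real code.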