GoldDigger Malware: The Covert Culprit Behind Vanishing Funds

A new Android malware strain that steals money from banking apps has been observed making the rounds. Group-IB recently discovered an Android Trojan that targets more than 50 Vietnamese banking apps, e-wallet services, and cryptocurrency wallets, with the theft of funds as its primary objective.

The Trojan, named "GoldDigger" by Group-IB's threat intelligence division, has been active since at least June 2023, and its digital footprints have been tracked since then. Two separate apps were used to deliver the malware: one impersonated a Vietnamese government portal and the other impersonated a company in the energy sector.

Researchers do not yet know the exact attack vector, but they speculate that the attackers reached out to victims through social media channels, email messages, and other common means of communication.

These channels were used to redirect victims to at least a dozen fake Google Play websites, where they were offered the apps to install on their smartphones. Once installed, the app behaves like many Android Trojans: it asks for Accessibility permissions and then proceeds.

A request for excessive permissions is one of the most obvious signs that an app is malicious. To extract sensitive user information such as passwords, GoldDigger first needs the victim to grant it these permissions. Once granted, it searches the device on its own for any of the apps of 51 Vietnamese financial institutions, e-wallet services, and cryptocurrency wallets.

When GoldDigger finds one of the apps it is scanning for, it can detect and extract the login information for the associated accounts, which effectively gives the attackers unrestricted access to the victim's financial accounts. The researchers went on to explain that one feature they consider unique to GoldDigger is its use of Virbox Protector, a piece of integrated software that provides obfuscation and encryption for the program.

Virbox Protector is, in general, a legitimate application, but here it has been used for nefarious purposes, making the work of cybersecurity researchers considerably more challenging. It is impossible to know exactly how many people have fallen for this scam and lost their money as a result.

Still, to be on the safe side, it is always best to download applications only from legitimate sources and to be suspicious whenever a link or attachment arrives by mail.

Malware Targeting Android Devices in the Future

GoldDigger is characterized by its use of Virbox Protector, a software program that specializes in advanced obfuscation and encryption of data. This is what sets GoldDigger apart from its competitors.

To evade standard fraud detection mechanisms, the malware developers have taken the inventive step of making their malicious code difficult for cybersecurity experts to decipher and understand. Group-IB states that its Fraud Protection suite can nonetheless detect GoldDigger's presence, for more reasons than one.

57% of All Digital Crimes in 2021 Were Scams, Says Group-IB

Group-IB, a prominent name in the world of cybersecurity headquartered in Dubai, U.A.E., has recently shared its analysis of the most widespread cyber threat in the world: scams.

As per the analysis, scams accounted for 57% of all financially motivated cybercrime. Phishing attacks accounted for 18% of cybercrimes, while malware infections and reputational attacks made up 25%. As the scam industry becomes more advanced, it involves more and more parties divided into hierarchical groups.

“A strong trend that we observed in 2021 was no-frills scammers merging into groups controlled by highly technically skilled villains,” says Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB. 

At present, the number of such groups has grown to 390, which is 3.5 times more than last year, when the count of active groups was close to 110. Brand-impersonation scams have also surged.

Group-IB analysts reported an increase of 150% in the Middle East and Africa region. This is higher than in the APAC region, where such crimes rose by 83%, and in Europe, where they rose by 89%.

Due to Scam-as-a-Service (SaaS), in 2021 the number of cybercriminals in one scam gang increased tenfold compared to 2020, now climbing up to 100.

“Group-IB’s AI-based platform identified somewhere between 75 and 110 scam groups last year, and the average number of cybercriminals per group was 10 members. The average number of scam links per group reached 100. SaaS helped grow not only fraudsters’ appetites but also the industry itself. In 2021 our DRP system tracked 350 groups, reaching up to 390 scam groups at the peak time. The number of cybercriminals in fraudulent groups has increased dramatically, averaging between 100 and 1,000 per group. In turn, their infrastructure has grown proportionally: the average number of scam links per group was between 2,000 and 3,000,” said Antony Dolgalev, Deputy Head of Digital Risk Protection at Group-IB.

Following the research, analysts reported that traffic has become the circulatory system of scams. The number of websites that use illegal traffic to lure victims into fraudulent schemes has increased 1.5 times. With the advancement of technology, cyber gangs have also raised the sophistication of their scam techniques. One such technique, 'scam attack automation', is becoming more and more popular amongst fraudsters. Through this scheme, attackers target specific groups of victims to increase conversion rates, and social media is the fastest doorway for establishing contact between scammers and their potential victims.