
Breaking News: Golddigger and Gigabud Android Banking Trojans: Same Cybercriminal, New Tricks - New Cybersecurity Discovery: The Link Between the Golddigger and Gigabud Android Banking Trojans

 
 

As cyber threats grow more sophisticated, Trojans targeting mobile devices, especially Android, are becoming a serious threat to banking security. A recent investigation by Cyble Intelligence and Research Labs (CRIL) has uncovered a link between two notable Trojans: Golddigger and Gigabud. These findings not only highlight the sophistication of the attacks but also indicate a growing threat to the global banking security system.

1. New Cybersecurity Discovery: Link Between Golddigger and Gigabud Android Banking Trojans

The Golddigger Trojan and the Gigabud Trojan are emerging as serious threats to banking security. Both Trojans target Android devices and have the potential to cause huge losses to users and financial institutions.

Golddigger, first discovered in June 2023, is notable for its tactic of impersonating Vietnamese government agencies. The Trojan is distributed through fake applications, tricking users into trusting it and installing it on their devices. Once installed, Golddigger performs malicious actions such as stealing personal data and sensitive information, or taking full control of the victim's device.

One of the notable technical features of Golddigger is its use of the "libstrategy.so" library. This library helps the trojan analyze and interact with user interface (UI) elements in other applications, allowing it to carry out sophisticated fraudulent actions that are difficult for users to recognize.

Gigabud, discovered in January 2023, had a similar start but targeted other countries such as Thailand, the Philippines, and Peru. Like Golddigger, Gigabud also impersonates government agencies to trick users into installing malware. However, the notable difference is that Gigabud's attack scope has quickly expanded to many other countries, including Bangladesh, Indonesia, Mexico, South Africa, and Ethiopia.

Gigabud also uses sophisticated techniques such as spoofing legitimate Google Play pages to distribute malicious apps. This increases the level of danger because users can easily be fooled without realizing it. Additionally, Gigabud uses the Virbox packer, which helps the malware hide and avoid detection by traditional security software.

2. Golddigger and Gigabud Link: Global Threat

CRIL's analysis has revealed that both Golddigger and Gigabud share many similarities in their source code and attack techniques, indicating that they are operated by the same hacker group. The shared use of the "libstrategy.so" library and the Virbox packer demonstrates a consistent attack strategy, as well as the sophistication and organization of the group.
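A defender-side triage check for the library named above, as an added example that is not CRIL's code or part of the original article: it lists the native libraries bundled in an APK and flags any named libstrategy.so, recording the ABI, size and SHA-256 for follow-up. A file name alone is a weak indicator, and the sample APKs and the size limit are constructed for illustration.

```python
import hashlib
import io
import zipfile

# Native library name this article reports for Golddigger/Gigabud samples.
SUSPECT_LIBS = {"libstrategy.so"}
MAX_LIB_BYTES = 64 * 1024 * 1024  # assumed cap: do not hash oversized entries

def scan_apk(apk):
    """Return one finding per bundled native library named in SUSPECT_LIBS.

    `apk` is a path or binary file object. An APK is a ZIP archive that keeps
    native code under lib/<abi>/<name>.so. Returns None if it is not a ZIP.
    """
    findings = []
    try:
        with zipfile.ZipFile(apk) as zf:
            for info in zf.infolist():
                parts = info.filename.split("/")
                if len(parts) != 3 or parts[0] != "lib":
                    continue  # not a native library entry
                abi, name = parts[1], parts[2]
                if name.lower() not in SUSPECT_LIBS:
                    continue
                digest = None
                if info.file_size <= MAX_LIB_BYTES:
                    digest = hashlib.sha256(zf.read(info)).hexdigest()
                findings.append({"abi": abi, "name": name,
                                 "size": info.file_size, "sha256": digest})
    except zipfile.BadZipFile:
        return None  # unscannable input; handle separately from "clean"
    return findings

def build_sample_apk(lib_names):
    """Constructed test input: an in-memory ZIP laid out like an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"constructed")
        zf.writestr("classes.dex", b"constructed")
        for abi in ("arm64-v8a", "armeabi-v7a"):
            for name in lib_names:
                zf.writestr(f"lib/{abi}/{name}", b"constructed " + name.encode())
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for label, libs in (("clean", ["libnative.so"]),
                        ("flagged", ["libnative.so", "libstrategy.so"])):
        hits = scan_apk(build_sample_apk(libs))
        print(label, [(h["abi"], h["name"], h["sha256"][:12]) for h in hits])
```

The recorded hashes can be compared against a vetted threat-intelligence feed before an app is blocked or a device is escalated.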

This connection highlights a worrying trend: threat actors are not only creating individual malware, but are also building comprehensive cyberattack campaigns, targeting many different countries and regions. This poses a major challenge for the global cybersecurity community, requiring advanced security measures and the ability to detect new threats early.

3. Improve Cybersecurity with Security Solutions from VNCS

The connection between Golddigger and Gigabud shows that cybersecurity threats are becoming increasingly sophisticated and unpredictable. Cybersecurity professionals need to continually update and improve their capabilities to deal with new challenges, ensuring that systems and data are always protected against attacks from increasingly sophisticated threat actors.

Applying security solutions from VNCS can help you detect and prevent threats at the outset, protecting critical data and systems from attacks.

VNCS is proud to distribute leading security solutions, including:

- Splunk: With powerful data monitoring and analysis capabilities, Splunk helps businesses detect abnormal activity in their systems early and promptly identify and prevent attacks from trojans such as Golddigger and Gigabud.

- Radware: Providing DDoS protection solutions and web application firewalls, Radware helps protect banking and financial applications from direct threats from the network.

- BeyondTrust: BeyondTrust's privilege management solution helps limit the access available to malware, minimizing the risk of infection and attack.

- Forescout: Ensures the safety of IoT device networks and endpoints, preventing the spread of malware in the enterprise environment.

- WatchGuard: Provides comprehensive network security solutions, protecting systems from cyber attacks, including threats from malware such as Golddigger and Gigabud.

- Invicti: Web application security solution that detects and patches security vulnerabilities, protecting your website and applications from malware attacks.

- Checkmarx: Source code security testing solution that detects and fixes vulnerabilities in software, preventing malware from exploiting these weaknesses to attack.

- OpenText: Provides data management and protection solutions, ensuring the safety of important information in the enterprise.

With the above solutions, VNCS is ready to accompany your organization/enterprise in security issues. Contact VNCS now to receive comprehensive and effective security advice!

Source: Security Online
