Coming soon | Intermediate | Pro

GoldDigger: Accessibility-Abusing Banker Draining APAC Accounts

A mobile-first banking-trojan intrusion on a corporate bring-your-own-device fleet. An employee searching for a government portal sideloaded a trojanized Android installer carrying the GoldDigger banker and granted it Accessibility Service. The trojan then keylogged, painted fake bank-login overlays, intercepted SMS one-time passcodes, and beaconed stolen data to a cluster of attacker command-and-control domains, enabling account-draining fraud. Reconstruct the kill chain from the mobile egress SIEM, the mobile threat-defense sensor, and the perimeter firewall, and classify the key ATT&CK mobile techniques.

1h
7 tasks
50 points
Pro

Launches today

Friday, July 3, 2026 at 9:00 AM

Pro unlocks this operation at launch.

Training Tools

SIEM, XDR, Firewall

What you'll investigate

7 objectives unlock when this operation goes live.

1. Incident brief
2. Find the sideloaded installer
3. Identify the permission that unlocked the theft
4. Confirm the malware against threat intelligence
5. Separate the upload endpoint from the command channel
6. Classify the passcode theft
7. Name patient zero
