
GoldDigger: Accessibility-Abusing Banker Draining APAC Accounts
A mobile-first banking-trojan intrusion on a corporate bring-your-own-device fleet. An employee searching for a government portal sideloaded a trojanized Android installer carrying the GoldDigger banker and granted it the Accessibility Service permission. The trojan then logged keystrokes, painted fake bank-login overlays, intercepted SMS one-time passcodes, and beaconed stolen data to a cluster of attacker command-and-control domains, enabling account-draining fraud. Reconstruct the kill chain from the mobile egress SIEM, the mobile threat-defense sensor, and the perimeter firewall, and classify the key ATT&CK mobile techniques.
Launches today
Friday, July 3, 2026 at 9:00 AM
Pro unlocks this operation at launch.
What you'll investigate
7 objectives unlock when this operation goes live.