BSides Joburg 2025

Defending Against The Shadows: GoldDigger And The New Rules Of Mobile Threats
2025-07-26, Track 1

In a mobile-first world, malware doesn’t just steal—it rewrites realities. This talk offers a developer-centric walkthrough of state-of-the-art mobile malware targeting Android mobile devices, with a spotlight on GoldDigger, a sophisticated mobile application malware that abuses Android’s Accessibility Services to silently hijack user interaction and cause harm.

Through a technical analysis of GoldDigger’s behaviour and infection chain, we’ll unpack the overlooked mechanisms it leverages and why security engineers need to take note. The general public will be shown GoldDigger’s effects. In addition, developers, security enthusiasts, and pen-testers will walk away with actionable insights on designing with defence in mind, hardening their applications, and detecting behavioural anomalies.

This isn’t just another malware overview. This session distils findings from real-world research, offering protective coding strategies rarely discussed outside red team circles. Attendees will leave with:
• An understanding of how GoldDigger operates and why it's a threat worth tracking.
• Practical safeguards Android developers can implement today.
• Emerging trends in mobile malware — and what’s next on the horizon.

Forget the optimism of 2024—in 2025, the threat landscape has matured, and the attacks have become more subtle, contextual, and embedded in the platform itself. As builders of the mobile experience, developers are on the frontlines—whether knowingly or not, they’re shaping the future of security. Let’s start rewriting realities the right way—together.


The proposed presentation will focus on the evolving threat of mobile application malware and provide valuable insights into detecting and mitigating such risks. Key aspects include:
• Introduction to Mobile Malware Risks:
The talk will begin by framing a real-world scenario where a seemingly innocuous mobile rewards app leads to devastating financial losses. This example sets the stage for a discussion on how installing malicious apps can have wide-ranging consequences, including stolen sensitive information, unauthorised financial transactions, and compromised personal data.

• Technical Deep Dive:
The main portion of the talk will delve into the technical aspects of mobile malware. This includes:
(a) Examining prevalent malware variants and their attack vectors.
(b) Reviewing recent trends and shifts in the mobile malware landscape over the past year.
(c) Focusing on GoldDigger and how it allows cybercriminals to extract sensitive information.
(d) Sharing techniques for developers to analyse suspicious mobile applications, recognise red flags, and understand where to look for warning signs.
(e) Highlighting developer communities, meetups, and ongoing research initiatives to combat mobile malware.

• Key Takeaways:
The presentation will conclude with actionable takeaways, such as:
(a) A deeper understanding of GoldDigger and other similar threats.
(b) Practical techniques for developers to enhance mobile application security.
(c) Best practices for penetration testers to identify mobile malware indicators.

Attendees will leave better equipped to protect their applications, recognise emerging threats, and improve their organisation’s security posture.

Software Developer | Mobile Security Enthusiast