
"The first cases in the latest attack wave were detected in Thailand, with the threat subsequently appearing in Vietnam by late 2024 and early 2025 and in Indonesia from mid-2025 onwards. Group-IB said it has identified more than 300 unique samples of modified banking applications that have led to almost 2,200 infections in Indonesia. Further investigation has uncovered over 3,000 artifacts that it said led to no less than 11,000 infections."
"Assessed to be active as far back as June 2023, GoldFactory first gained attention early last year, when the Singapore-headquartered cybersecurity company detailed the threat actor's use of custom malware families like GoldPickaxe, GoldDigger, and GoldDiggerPlus targeting both Android and iOS devices. Evidence points to GoldFactory being a well-organized Chinese-speaking cybercrime group with close connections to Gigabud, another Android malware that was spotted in mid-2023."
GoldFactory stages mobile-targeted campaigns in Indonesia, Thailand, and Vietnam by impersonating government services and trusted local brands. The campaign distributes modified banking applications that deliver Android malware to victims. Activity has been observed since October 2024, and assessments trace the group back to June 2023. GoldFactory has used custom malware families, including GoldPickaxe, GoldDigger, and GoldDiggerPlus, that target Android and iOS devices. The group shows ties to Gigabud, with similarities in impersonation targets and landing pages despite differing codebases. Group-IB identified over 300 unique malicious app samples and more than 3,000 artifacts, resulting in thousands of infections. Infection chains often involve phone-based social engineering and links sent via messaging apps like Zalo.
Read at The Hacker News