GoldFactory Launches Sophisticated Malware Attacks on Asian Banking Apps

Financially motivated cybercriminal group GoldFactory has launched a new wave of attacks targeting mobile users in Indonesia, Thailand and Vietnam. Attackers are using a government spoofing technique to distribute legitimate banking applications modified with malware. The activity, observed since October 2024, involves the distribution of apps that act as conduits for advanced Android malware, according to a Group-IB white paper.

The GoldFactory Threat Actor

GoldFactory is a Chinese-speaking cybercrime group, active since at least June 2023. The group is known for using custom malware families such as GoldPickaxe, GoldDigger, and GoldDiggerPlus, which previously targeted Android and iOS devices. Research suggests that GoldFactory has close ties to Gigabud, another Android malware detected in mid-2023. Despite differences in code base, GoldDigger and Gigabud share similarities in their spoofing targets and landing pages. ...

December 4, 2025 · Comfidentia