Find notable cyber news and cases, enriched with sources, timelines, and signals.

GoldFactory Southeast Asia mobile fraud campaign using modified banking apps

Campaign
First reported
Last updated
Happening score
H score 32
1 unique sources, 1 articles

Summary

Hide ▲

GoldFactory has launched a fresh mobile fraud campaign against users in Indonesia, Thailand, and Vietnam, using government impersonation and modified banking apps to spread Android malware. The operation has been active since October 2024 and has already produced thousands of infections. By combining phone lures, messaging-app delivery, and fake app pages, the group is scaling remote-control fraud across the region.

Related Happenings

Y2K Operators Millenium RAT social-engineering distribution campaign

Campaign
H score73 First: 29.06.2026 17:30 Last: 29.06.2026 17:30 Sources 1

About this happening: The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...

Rokarolla device-profiling targeting campaign

Campaign
H score32 First: 16.06.2026 23:04 Last: 16.06.2026 23:04 Sources 1

About this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...

BTMOB phishing campaign targeting Brazil and Latin America

Campaign
H score39 First: 29.05.2026 00:10 Last: 29.05.2026 00:10 Sources 1

About this happening: **BTMOB** phishing activity is using localized fake-app lures to target users in **Brazil** and **Latin America**, increasing the risk of malicious installs and account compromise...

Grandoreiro DLL side-loading campaign targeting banks in Portugal

Campaign
H score26 First: 27.05.2026 19:10 Last: 27.05.2026 19:10 Sources 1

About this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...

Trapdoor Android malvertising and ad-fraud campaign

Campaign
H score39 First: 19.05.2026 19:38 Last: 19.05.2026 19:38 Sources 1

About this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...

Timeline

  1. 04.12.2025 11:27 2 articles · 7mo ago

    GoldFactory Southeast Asia mobile fraud campaign disclosed

    Initial Disclosure

    GoldFactory is targeting mobile users in Indonesia, Thailand, and Vietnam with modified banking applications that impersonate government services and redirect victims to fake Google Play Store-style pages, while Group-IB identified more than 300 unique samples tied to almost 2,200 infections in Indonesia and at least 11,000 infections overall.

    Show sources