GoldFactory Southeast Asia mobile fraud campaign using modified banking apps
Campaign
Summary
Hide ▲
Show ▼
GoldFactory has launched a fresh mobile fraud campaign against users in Indonesia, Thailand, and Vietnam, using government impersonation and modified banking apps to spread Android malware. The operation has been active since October 2024 and has already produced thousands of infections. By combining phone lures, messaging-app delivery, and fake app pages, the group is scaling remote-control fraud across the region.
Related Happenings
Y2K Operators Millenium RAT social-engineering distribution campaign
Campaign
H score73
First: 29.06.2026 17:30
Last: 29.06.2026 17:30
Sources 1
About this happening:
The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...
Y2K Operators Millenium RAT social-engineering distribution campaign
CampaignAbout this happening: The **Y2K Operators** are running a **social-engineering distribution campaign** that spreads **Millenium RAT** through **booby-trapped downloads**, exposing users to remote compr...
Rokarolla device-profiling targeting campaign
Campaign
H score32
First: 16.06.2026 23:04
Last: 16.06.2026 23:04
Sources 1
About this happening:
The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...
Rokarolla device-profiling targeting campaign
CampaignAbout this happening: The **Rokarolla** Android campaign now profiles infected devices to assign a **unique identifier** to each victim, enabling repeated tracking and coordinated financial-fraud activ...
BTMOB phishing campaign targeting Brazil and Latin America
Campaign
H score39
First: 29.05.2026 00:10
Last: 29.05.2026 00:10
Sources 1
About this happening:
**BTMOB** phishing activity is using localized fake-app lures to target users in **Brazil** and **Latin America**, increasing the risk of malicious installs and account compromise...
BTMOB phishing campaign targeting Brazil and Latin America
CampaignAbout this happening: **BTMOB** phishing activity is using localized fake-app lures to target users in **Brazil** and **Latin America**, increasing the risk of malicious installs and account compromise...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
Campaign
H score26
First: 27.05.2026 19:10
Last: 27.05.2026 19:10
Sources 1
About this happening:
**Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Grandoreiro DLL side-loading campaign targeting banks in Portugal
CampaignAbout this happening: **Grandoreiro** is running a new **DLL side-loading** campaign against **banks in Portugal**, extending a long-lived banking-malware operation into **2026**. The latest wave uses...
Trapdoor Android malvertising and ad-fraud campaign
Campaign
H score39
First: 19.05.2026 19:38
Last: 19.05.2026 19:38
Sources 1
About this happening:
The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Trapdoor Android malvertising and ad-fraud campaign
CampaignAbout this happening: The **Trapdoor** campaign is a **self-sustaining malvertising and ad-fraud operation** targeting **Android users** and turning app installs into revenue through threat-actor-contr...
Timeline
-
04.12.2025 11:27 2 articles · 7mo ago
GoldFactory Southeast Asia mobile fraud campaign disclosed
Initial DisclosureGoldFactory is targeting mobile users in Indonesia, Thailand, and Vietnam with modified banking applications that impersonate government services and redirect victims to fake Google Play Store-style pages, while Group-IB identified more than 300 unique samples tied to almost 2,200 infections in Indonesia and at least 11,000 infections overall.
Show sources
- GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections — thehackernews.com — 04.12.2025 11:27
- GoldFactory Hits Southeast Asia with Modified Banking Apps Driving 11,000+ Infections — thehackernews.com — 04.12.2025 11:27