02 GoldFactory

Region: Asia-Pacific
Industries: Banking
First seen: May 2024
Cybercrime: Emerging group signalling a possible evolution in AI-driven attacks, with the potential to disrupt the financial systems of targeted countries
Heritage: Group-IB uncovered the malware GoldDigger in June 2023, part of the GoldPickaxe family
Categorizations: Mobile banking malware
About

Currently, there’s limited public information on this Masked Actors group. However, in May 2024, we uncovered the first iOS trojan, dubbed GoldPickaxe.iOS. Part of a sophisticated suite of mobile banking malware, this trojan harvests facial recognition data, which is then used with deepfakes to gain unauthorized access to bank accounts, a monetary theft technique not previously seen. This threat cluster has been attributed to a single actor, codenamed GoldFactory.

Victims

Victims tend to be finance companies, predominantly in the Asia-Pacific (APAC) region, with evidence suggesting a strong focus on firms in Vietnam and Thailand.

What we know about GoldFactory members

There are indications GoldFactory will expand its operations beyond its two target countries.

Motivations
Financial gain via AI-enabled iOS and Android trojans.
Top 10 Masked Actors for 2025

#1 RansomHub
#2 GoldFactory
#3 Lazarus
#4 DragonForce
#5 Oilrig
#6 MuddyWater
#7 Brain Cipher
#8 Boolka
#9 Ajina
#10 Team TNT