GoldFactory


About

Currently, there is limited public information on this Masked Actors group. However, in May 2024, we uncovered the first iOS trojan, dubbed GoldPickaxe.iOS. Part of a sophisticated suite of mobile banking malware, this trojan harvests facial recognition data, which is then used with deepfakes to gain unauthorized access to bank accounts, a monetary theft technique not seen before. This threat cluster has been attributed to a single actor, codenamed GoldFactory.

Active since: May 2024
Primary targets: Emerging group signalling a possible evolution in AI-driven attacks, with the potential to disrupt the financial systems of targeted countries.
Motivation: Financial gain via AI-enabled iOS and Android trojans.
Heritage: Group-IB uncovered the malware GoldDigger in June 2023, part of the GoldPickaxe family.
Victims

Victims tend to be finance companies, predominantly in the Asia-Pacific (APAC) region, with evidence suggesting a strong focus on firms in Vietnam and Thailand.

What we know about GoldFactory members

There are indications GoldFactory will expand its operations beyond its two target countries.