
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 2,033 of 2,445   
   Mike Powell to All   
   Hackers observed injectin   
   05 Dec 25 10:41:56   
   
   TZUTC: -0500   
   MSGID: 1790.consprcy@1:2320/105 2d983a42   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Hackers observed injecting legitimate banking apps with malicious code   
      
   Date:   
   Fri, 05 Dec 2025 14:50:00 +0000   
      
   Description:   
   Poisoned apps are lurking on the internet, so make sure to double-check your   
   sources before downloading anything.   
      
   FULL STORY   
      
   Hackers are tricking people into downloading poisoned mobile banking apps,   
   stealing their login credentials, monitoring their activity, and in many    
   cases - enabling financial fraud.    
      
   This is according to cybersecurity researchers Group-IB who, in a recent   
   report, said that the group is most likely GoldFactory, known for stealing   
   facial recognition data and targeting companies and consumers in the   
   Asia-Pacific region.    
      
   The first stage of the process is to decompile a legitimate banking app. This   
   allows the attackers to add code of their own, usually a remote-accessed   
   trojan or a form of backdoor. Then, they recompile the app, and create a   
   landing page that, in most respects, is identical to the authentic one.    
      
   Sophisticated banking fraud   
      
   From there, they engage in targeted social-engineering campaigns,   
   impersonating local governments, or different service providers, the   
   researchers said. In other words, the attackers create convincing phishing   
   lures, tricking people into visiting fake government and service provider   
   websites, and sideloading these poisoned applications.    
      
   The worst part is that the app, on the surface, behaves as it is supposed to,   
   convincing the victims and making them oblivious to what is happening in the   
   background.    
      
   GoldFactory uses a suite of advanced hooking malware families - including   
   SkyHook, FriHook, PineHook and Gigabud variants - to bypass app-integrity   
   checks, hide malicious activity, and take full control of infected devices.   
   These tools allow attackers to capture sensitive data, automate on-screen   
   actions, and even remotely view and operate the victim's phone, Group-IB   
   explained.    
      
   While the focus so far is on Asia-Pacific, the approach enabled rapid   
   deployment across countries, it was said. Tens of thousands of users, and   
   dozens of financial institutions, are therefore exposed to high-impact    
   banking fraud.    
      
   Craig Jones, former Cybercrime Director at Interpol, recently spoke about   
   GoldFactory on an episode of Masked Actors, and said its modus operandi is   
   sophisticated banking fraud.    
      
   TechRadar Pro first reported on GoldFactory in mid-February 2024, when   
   Group-IB discovered GoldPickaxe, a trojan that steals biometric data and uses   
   it to generate convincing deepfakes which can later be used to break into   
   mobile banking applications.    
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/hackers-observed-injecting-legitimate-banking-apps-with-malicious-code   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca