Subj : Hackers observed injecting legitimate banking apps with malicious To : All From : TechnologyDaily Date : Fri Dec 05 2025 15:00:07 Hackers observed injecting legitimate banking apps with malicious code Date: Fri, 05 Dec 2025 14:50:00 +0000 Description: Poisoned apps are lurking on the internet, so make sure to double-check your sources before downloading anything. FULL STORY ======================================================================Group-IB links poisoned mobile banking apps to GoldFactory Attackers decompile legitimate apps, add trojans/backdoors, and spread them via phishing lures and fake sites Advanced malware families enable full device takeover, exposing tens of thousands to banking fraud Hackers are tricking people into downloading poisoned mobile banking apps, stealing their login credentials, monitoring their activity, and in many cases - enabling financial fraud. This is according to cybersecurity researchers Group-IB who, in a recent report, said that the group is most likely GoldFactory, known for stealing facial recognition data and targeting companies and consumers in the Asia-Pacific region. The first stage of the process is to decompile a legitimate banking app. This allows the attackers to add code of their own, usually a remote-accessed trojan or a form of backdoor . Then, they recompile the app, and create a landing page that, in most respects, is identical to the authentic one. Catch the price drop- Get 30% OFF for Enterprise and Business plans The Black Friday campaign offers 30% off for Enterprise and Business plans for a 1- or 2-year subscription. Its valid until December 10th, 2025. Customers must enter the promo code BLACKB2B-30 at checkout to redeem the offer. View Deal Sophisticated banking fraud From there, they engage in targeted social-engineering campaigns, impersonating local governments, or different service providers, the researchers said. In other words, the attackers create convincing phishing lures, tricking people into visiting fake government and service provider websites, and sideloading these poisoned applications. The worst part is that the app, on the surface, behaves as it is supposed to, convincing the victims and making them oblivious to what is happening in the background. GoldFactory uses a suite of advanced hooking malware families including SkyHook, FriHook, PineHook and Gigabud variants to bypass app-integrity checks, hide malicious activity, and take full control of infected devices. These tools allow attackers to capture sensitive data, automate on-screen actions, and even remotely view and operate the victims phone, Group-IB explained. While the focus so far is on Asia-Pacific, the approach enabled rapid deployment across countries, it was said. Tens of thousands of users, and dozens of financial institutions, are therefore exposed to high-impact banking fraud. Craig Jones, former Cybercrime Director at Interpol, recently spoke about GoldFactory on an episode of Masked Actors, and said its modus operandi is sophisticated banking fraud. TechRadar Pro first reported on GoldFactory in mid-February 2024, when Gold-IB discovered GoldPickaxe , a trojan that steals biometric data and uses it to generate convincing deepfakes which can later be used to break into mobile banking applications. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too. ====================================================================== Link to news story: https://www.techradar.com/pro/security/hackers-observed-injecting-legitimate-b anking-apps-with-malicious-code --- Mystic BBS v1.12 A49 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .