GoldFactory cybercriminal group launched a fresh campaign since October 2024 targeting mobile users in Indonesia, Thailand, and Vietnam. The attackers distribute modified banking applications that serve as conduits for Android malware while impersonating government services. The campaign has resulted in over 11,000 infections across Southeast Asia. The malware targets banking credentials and financial information through fraudulent mobile applications. This represents an active, large-scale financial threat to mobile banking users in the region.