🚨 Indonesia’s tax season exposed a coordinated fraud campaign powered by industrialized malware infrastructure.

Our latest technical deep dive reveals how the GoldFactory threat cluster leveraged shared infrastructure to deploy multiple malware families across an entire national digital ecosystem.

Key highlights:
🔹 A highly synchronized campaign targeted ~67 million tax residents during the 2026 tax season.
🔹 Infrastructure extended beyond tax services, abusing 16+ trusted brands with an estimated USD 1.5–2M systemic impact.
🔹 A multi-stage attack chain combined phishing, vishing, and malicious APK sideloading for full device takeover.
🔹 228 new Gigabud.RAT and MMRat samples were identified, highlighting rapid malware evolution.
🔹 Attribution confirms GoldFactory’s shift toward unified, cross-border fraud infrastructure.
🔹 Proactive infrastructure mapping reduced fraud success to just 0.027% among protected, compromised devices

Read the full technical breakdown.

#CyberSecurity #MalwareAnalysis