Hook for Gold: Inside GoldFactory's Campaign That Turns Apps Into Goldmines
ID: cda3466f-6dac-56ab-b63e-4bc3cc5ac794
STIX ID: report--cda3466f-6dac-56ab-b63e-4bc3cc5ac794
Feed Name: Group-IB Blog
This Group-IB report describes the GoldFactory criminal group's evolving mobile banking campaign across APAC, detailing how attackers sideload modified legitimate banking apps (FriHook, SkyHook, PineHook, Gigaflower) after initial compromise via droppers (Gigabud, Remo, MMRat) and social-engineering (smishing/vishing). The analysis covers technical methods (Frida/Dobby/Pine hooking, WebRTC streaming, OCR/QR harvesting of ID cards), documented IOCs (SHA256s, domains, IPs), infection telemetry showing thousands of victims, and defensive recommendations for banks and end users.
