Industrial-Scale Fake Coretax Apps Drive $2m Fraud in Indonesia

Infosecurity Magazine • February 19, 2026

Companies Mentioned

Group‑IB

Why It Matters

The attack demonstrates how cybercriminals can erode trust in digital public services and highlights the urgent need for advanced, predictive defenses in the financial and governmental sectors.

Key Takeaways

  • Fraud used fake Coretax Android apps, costing up to $2 M.
  • Campaign leveraged WhatsApp phishing and voice‑phishing tactics.
  • GoldFactory cluster deployed Gigabud.RAT and MMRat malware.
  • Predictive detection limited compromise rate to 0.027 %.
  • MaaS framework could expand fraud to Southeast Asia.

Pulse Analysis

Indonesia’s Coretax platform, a cornerstone of the nation’s digital tax administration, has become an unexpected vector for cybercrime. While the service is officially web‑only, fraudsters fabricated Android applications that masqueraded as legitimate tax tools, exploiting the public’s trust in government portals. This tactic reflects a broader shift where attackers target the perceived safety of public‑sector digital services to harvest financial data. As mobile banking adoption accelerates across Southeast Asia, the convergence of tax compliance deadlines and ubiquitous smartphones creates fertile ground for large‑scale fraud campaigns.

The operation, attributed to the GoldFactory threat cluster, combined multiple malware families—most notably Gigabud.RAT and MMRat—with a sophisticated phishing‑as‑a‑service infrastructure. Victims received WhatsApp messages impersonating tax officials, followed by voice‑phishing calls that pressured immediate payments. The malicious APKs granted remote access, enabling screen recording, OTP capture, and account takeover through mule networks. Group‑IB’s layered defense, blending signature detection, behavioral analytics, and contextual intelligence, reduced the device‑compromise rate to a mere 0.027 %, illustrating the potency of predictive security models against evolving Android RATs.

The financial fallout, estimated between $1.5 million and $2 million, underscores the economic risk of undermining confidence in e‑government services. Beyond Indonesia, the centralized phishing framework suggests a malware‑as‑a‑service model ready to target neighboring markets such as Thailand, Vietnam, and the Philippines. Enterprises and financial institutions must prioritize real‑time threat intelligence sharing, enforce strict app verification, and educate users about social‑engineering cues. Strengthening multi‑factor authentication and monitoring anomalous transaction patterns will be critical to curbing the next wave of tax‑related mobile malware attacks.
