Threats Affecting Thailand

A sophisticated Android malware campaign has been identified conducting carrier billing fraud through premium SMS abuse across Malaysia, Thailand, Romania, and Croatia. The operation comprises nearly 250 malicious applications that selectively target users based on their mobile operators, silently subscribing victims to premium services without consent. The malware demonstrates advanced capabilities including precise regional targeting with hardcoded SIM operator validation, automated subscription workflows using WebView manipulation and JavaScript injection, OTP interception via abuse of Google's SMS Retriever API, and Telegram-based exfiltration of device metadata. The campaign impersonates popular applications including Facebook, Instagram, TikTok, Minecraft, and Grand Theft Auto to lure victims. Active from March 2025 through January 2026, the operation employs three distinct variants with increasing levels of sophistication, utilizing distributed command and control infrastructure and systematic refer...

MediumCampaignMalaysiaThailandRomania+1#android#telegram exfiltration#otp interception

A sophisticated fraud campaign exploiting Indonesia's tax season targeted 67 million residents through fake Coretax applications distributed via phishing websites and WhatsApp social engineering. The GoldFactory threat cluster orchestrated operations using Gigabud.RAT and MMRat malware families with shared infrastructure abusing over 16 trusted brands across government and financial sectors. The attack chain combines vishing, screen recording, and remote access capabilities to achieve device compromise and unauthorized financial transfers. Estimated financial impact reaches USD 1.5-2 million nationwide, with global implications extending to USD 6 million annually across multiple countries. The industrialized malware-as-a-service infrastructure enables horizontal scaling across Thailand, Vietnam, Philippines, and South Africa, demonstrating a shift toward unified cross-border operations that systematically undermine trust in digital government services.

MediumMalwareIndonesiaPeruPhilippines+2#goldfactory#gigabud.rat#mmrat

The software developer has identified the impacted systems, removed potentially compromised files, and validated installation packages. The post Vendor Says Daemon Tools Supply Chain Attack Contained appeared first on SecurityWeek .

MediumVulnerabilityBelarusRussiaThailand

Kaspersky experts have detected a supply chain attack using the popular DAEMON Tools software.

MediumVulnerabilityRussiaBrazilTurkey+7

An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload.

CriticalVulnerabilityChinaTaiwanHong Kong+7#cve#cve-2026-30643

Key Points Introduction At the beginning of 2026, Check Point Research observed a series of targeted attacks against government entities in Southeast Asia carried out via a legitimate TrueConf software installed in the targets’ environment. The investigation led to the discovery of a zero-day vulnerability in the TrueConf client, tracked as CVE-2026-3502 with a CVSS score of 7.8. […] The post Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets appeared first on Check Point Research .

MediumExploitIndonesiaMalaysiaThailand+4

Silver Fox, a threat actor, is exploiting Japan's tax filing and organizational change season with a targeted spearphishing campaign against Japanese businesses. The group sends convincing phishing emails related to tax compliance, salary adjustments, and HR matters, tricking recipients into opening malicious links or attachments. The campaign capitalizes on the high volume of legitimate financial and HR communications during this period, increasing the risk of compromise. Silver Fox has expanded its targets from Chinese-speaking entities to Southeast Asia, Japan, and potentially North America. The group uses ValleyRAT, a remote access trojan, to gain control of compromised machines and steal sensitive information. To protect against this threat, organizations should increase vigilance, reinforce awareness about phishing attempts, and verify the authenticity of tax- and HR-themed requests.

MediumMalwareJapanChinaSingapore+7#targeted attacks#valleyrat#financial lures

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.

HighVulnerabilityChinaIndiaBrazil+7#cve#cve-2026-4960

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

HighVulnerabilityChinaIndiaRussia+7#cve#cve-2026-4961

DedeCMS v5.7.118 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in /sys_task_add.php.

HighVulnerabilityChinaTaiwanJapan+8#cve#cve-2026-29839