The Price of Trust: Analyzing the Malware Campaign Exploiting TASPEN's Legacy to Target Indonesian Senior Citizens

Aug. 27, 2025, 7:11 p.m.

Description

A sophisticated mobile malware campaign is targeting Indonesian pensioners by impersonating TASPEN, the state pension fund. The attackers use a phishing website to distribute a malicious Android app that steals banking credentials, intercepts SMS messages for OTPs, and captures biometric data. The malware employs advanced evasion techniques and communicates with a command and control server, likely operated by a Chinese-speaking threat actor. This campaign poses significant risks to Indonesia's digital transformation efforts and public trust in government institutions. The successful targeting of TASPEN creates a dangerous precedent for attacks on other critical financial entities across Southeast Asia.

Date

  • Created: Aug. 27, 2025, 3:59 p.m.
  • Published: Aug. 27, 2025, 3:59 p.m.
  • Modified: Aug. 27, 2025, 7:11 p.m.

Indicators


Attack Patterns

  • Banking Trojan
  • Spyware
  • Chinese-speaking threat group

Additional Information

  • Finance
  • Government
  • Indonesia