‘Godfather’ Android malware wants to steal your banking credentials

The malware was revealed by Group-IB, ThreatFabric, and Cyble, and reported on by Bleeping Computer. It was spotted in 16 countries, and attempted to steal banking credentials for over 400 online banking sites and cryptocurrency exchanges. So, how does this work, exactly? The malware generates login screen overlays, and places them on top of banking and crypto exchange app login forms. This happens when you try to log in to the site. Some users get tricked, and log in anyway, and thus share their credentials. The ‘Godfather’ trojan is said to be a successor to Anubis, a well-known banking trojan. Anubis was thwarted by newer Android versions and their defenses, which is where Godfather comes in.

It was first spotted in March 2021

Since it was first spotted, in March 2021, this trojan has evolved a lot. It got massive code upgrades and improvements. It was actually spotted in an app that mimics a popular music tool in Turkey, and managed to get 10 million downloads. Godfather has targeted 215 banking apps thus far, that we know of. Those banking apps are used in the United States, Turkey, Spain, Canada, France, Germany, and the UK. Godfather also targets 110 cryptocurrency exchange platforms, and 94 cryptocurrency wallet apps. What is interesting is that if your smartphone language is set to Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik, the malware won’t activate at any point. That kind of points to where the hackers are from, or at least their region.

You need to be extra careful

You need to be extra careful when you download apps. Downloading them from official sources is the best protection. Also make sure you don’t grant unnecessary permissions, and pay attention to login screens, to make sure they’re not fake.