There’s a new Android banking malware that’s been targeting bank websites and cryptocurrency exchanges.

The malware is called Godfather, an apparent nod to the classic mafia film trilogy. It is targeting users in 16 countries in an attempt to steal accounts for more than 400 online banking websites and crypto exchanges.

To steal accounts, the malware generates fake login screens on top of the banking or crypto exchange apps. Unsuspecting victims who try to log in to their accounts there give away their credentials to the hackers.

When installed on a device, the trojan can imitate Google Protect. It even goes above and beyond by also emulating a scanning action. Because the scan looks legitimate, it aims to get the user to approve an Accessibility Service request. Once the user approves the request, the malware can grant itself all the permissions required to conduct its malicious tasks, which include access to text messages for one-time passwords, screen recording, and more.
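A defender's check for the abuse described above, as an added example that is not from the original article or from the researchers it cites: it lists the apps with an enabled Accessibility Service and flags any that are not on a trusted allowlist, rating those that also hold SMS permissions as high. The sample setting value, package names, permission map and allowlist are constructed for illustration.

```python
# Added example: audit Accessibility Service holders on an Android device.
# Inputs are assumed to be collected beforehand over adb, e.g.
#   adb shell settings get secure enabled_accessibility_services
#   adb shell dumpsys package <package>   (for granted permissions)
SMS_PERMS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}


def parse_accessibility_setting(value):
    """Return package names from the colon-separated 'pkg/ServiceClass' list."""
    value = value.strip()
    if not value or value == "null":  # setting unset: no services enabled
        return []
    packages = []
    for component in value.split(":"):
        pkg = component.split("/", 1)[0].strip()
        if pkg and pkg not in packages:
            packages.append(pkg)
    return packages


def audit(setting_value, granted_perms, allowlist):
    """Flag accessibility-enabled packages that are not on the allowlist.

    A package that also holds an SMS permission can read one-time passwords,
    so it is rated 'high'; anything else unknown is rated 'review'.
    """
    findings = []
    for pkg in parse_accessibility_setting(setting_value):
        if pkg in allowlist:
            continue
        sms = sorted(SMS_PERMS & set(granted_perms.get(pkg, ())))
        findings.append({"package": pkg, "sms_permissions": sms,
                         "severity": "high" if sms else "review"})
    return findings


# Constructed sample data (hypothetical package names, not real indicators).
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.musictool/com.example.musictool.ScanService"
)
SAMPLE_PERMS = {"com.example.musictool": ["android.permission.RECEIVE_SMS",
                                          "android.permission.INTERNET"]}
ALLOWLIST = {"com.google.android.marvin.talkback"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_SETTING, SAMPLE_PERMS, ALLOWLIST):
        print(finding)
```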

Group-IB analysts, the folks who discovered the trojan, believe that Godfather is a successor of Anubis, which used to be a popular banking trojan.

Godfather was actually first discovered in March 2021 by ThreatFabric, but it has since received substantial code upgrades and improvements.

A new report from Cyble also highlighted a recent increase in Godfather activity. It apparently pushes an app that pretends to be a prominent music tool in Turkey, which has already been downloaded 10 million times on the Google Play Store.

Godfather is said to predominantly target banking apps from the United States, Spain, Turkey, Canada, France, Germany, and the UK.

What’s interesting is that Godfather was built to detect the device’s system language. For some reason, it stops operating if the language is set to Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik. This could mean that the hackers behind it might be Russian speakers.

To stay safe from this threat, make sure to only download apps from the Google Play Store, make sure you are running the correct Google Protect, and use an anti-virus tool.

Via: Bleeping Computer


