
Godfather Android Malware Targets 400+ Banks and Crypto Exchanges

by Staff
December 24, 2022

After fading away for several months, the newly prevalent Godfather Android malware is back with a vengeance, targeting more than 400 international financial firms. The trojan generates fake login pages to harvest customer login details, and that’s just the start. Godfather also mimics Google’s pre-installed security tools in an attempt to gain full control over devices.

Godfather was discovered by malware analytics firm Group-IB, with the first samples appearing in June 2021. It is believed this malware grew out of another popular banking trojan known as Anubis. Godfather circulated at low levels until June 2022, when it vanished. It appears the operators were simply preparing a new version. Godfather was back with a vengeance in September of this year, targeting a whopping 400 financial companies: 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchanges.

When installed on a device, Godfather will generate fake login pages, which it can use to get usernames and passwords. Many banks and crypto firms have additional login requirements, and that’s where Godfather’s other mechanisms come in handy. After installation, the malware masquerades as a Google Play Protect alert. Thinking this is a legitimate popup from Android’s default security suite, some users will grant the malware accessibility control. At that point, Godfather can record the screen, read SMS, fire off fake notifications, make calls, and more — everything you need to compromise a bank account or crypto vault.

[Image: Godfather’s fake Play Protect popup.]

The malware appears to be spreading via decoy apps in the Play Store. Group-IB has not determined who created and profits from Godfather, but it heavily suspects that they are Russian speakers. There’s a kill switch in the malware that checks the OS language setting. If it finds the default language is one of those spoken in former Soviet states (other than Ukrainian), it will shut down instead of stealing data. It’s not exactly a smoking gun, but it’s pretty suspicious.

After evaluating Telegram channels, Group-IB believes that Godfather is an example of Malware-as-a-Service (MaaS). The creators essentially license the malware to third parties, who can then collect juicy financial details without the hassle of developing the malware and infrastructure themselves. It targets institutions all over the world, including the US (49 sites), Turkey (31), Spain (30), and Canada (22). If you think you’ve been infected, remove accessibility access from all installed apps (usually under Settings > Accessibility) and change your important passwords using a different device.
