Android: this malware can empty accounts at 400 banks and crypto wallets


Godfather is particularly dangerous malware that targets customers of as many as 400 banks around the world. Its modus operandi is formidable: it imitates many applications and security tools to trap its victims and get them to hand over their bank details without realizing it.

Godfather is one of the Android malware strains that must be watched at all costs, because it can empty a victim's bank account in a few seconds. It was first spotted in 2021 by the ThreatFabric teams, who then believed it to be the direct heir of the dreaded Anubis. Today, a new report from Cyble indicates that the malware has grown stronger, making it even more dangerous.

According to Cyble, Godfather operates in 16 countries, targeting customers of over 400 banks, 110 cryptocurrency exchanges and 94 crypto wallets. The malware is hidden in at least 215 applications on the Play Store. In Turkey in particular, it is embedded in a fake copy of a very popular music application that has been downloaded 10 million times. In France, at least twenty applications serve as camouflage for Godfather.

Godfather can do serious damage to your bank account

Godfather is particularly dangerous because it is very difficult to detect. To begin with, the malware imitates the Google Protect service, present on all Android smartphones, even going so far as to imitate the fingerprint scanner. Its primary objective is to obtain the accessibility permission, which allows it to perform a number of malicious actions on the target smartphone.

From then on, Godfather can log the passwords typed by the victim, record the screen, extract contacts and SMS messages, make calls, create fake notifications, and more. The goal is of course to recover banking information and credentials as quickly as possible in order to make transfers to the attackers' account. Worse still, once installed, the malware is impossible to remove from the smartphone.
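Because everything described above depends on the accessibility permission, a defender can audit which apps currently hold it. The script below is an added example, not taken from the article or from Cyble's report: it parses the value of Android's `enabled_accessibility_services` secure setting and lists packages outside an allowlist. The allowlist and the sample value are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit which apps hold the Android accessibility permission.
# Input: the value of the secure setting "enabled_accessibility_services",
# a colon-separated list of components in the form package/class.
# On a device with USB debugging enabled it can be read with:
#   adb shell settings get secure enabled_accessibility_services

# Hypothetical allowlist of packages expected to hold the permission
# (assumption: replace with the accessibility services you actually use).
ALLOWLIST="com.google.android.marvin.talkback"

# Print, one per line, every enabled package that is not in the allowlist.
unexpected_a11y_services() {
    value=$1
    # An empty value or the literal "null" means no service is enabled.
    if [ -z "$value" ] || [ "$value" = "null" ]; then
        return 0
    fi
    printf '%s\n' "$value" | tr ':' '\n' | while IFS= read -r component; do
        if [ -z "$component" ]; then
            continue
        fi
        pkg=${component%%/*}          # keep only the package name
        allowed=no
        for ok in $ALLOWLIST; do
            if [ "$pkg" = "$ok" ]; then
                allowed=yes
            fi
        done
        if [ "$allowed" = no ]; then
            printf '%s\n' "$pkg"
        fi
    done | sort -u
}

# Constructed sample value (not from a real device or from the report):
# one expected screen reader plus one unknown package.
SAMPLE="com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.fakeprotect/.OverlayService"

unexpected_a11y_services "$SAMPLE"
```

Any package this prints should be checked against what the user knowingly installed and enabled under Settings > Accessibility.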

Source: Cyble


