Who is “The Godfather”, this banking Trojan that targets hundreds of applications and is rampant in France?


Thibaut Popelier

Gaming Specialist

December 21, 2022 at 1:30 p.m.


Attention, danger! An extremely virulent Trojan horse is currently active. This banking malware has notably targeted several financial institutions and represents a threat to our personal data.

Many countries are affected by this malware which could do serious damage.

A “Godfather” who does not wish you well

Known in English as “Godfather”, this Trojan for Android devices has targeted more than 400 financial services since June 2021. The developers of this malware reused the source code of Anubis, another Trojan made obsolete by security updates rolled out by Google. In this modernized version, some features have been added and others removed (such as file encryption).

According to figures released last October by the company Group-IB, Godfather has affected 419 financial companies around the world. This figure includes 215 international banks, 94 cryptocurrency wallets and 110 crypto exchanges. They are mainly located in the United States (49), Turkey (31) and Spain (30). Other victims have been reported in the United Kingdom, Italy, Germany and France.

A well-honed technique

This Trojan slips discreetly onto connected devices via decoy applications hosted on Google Play. In Turkey, for example, the malware imitated a music app that had been downloaded more than 10 million times. It can even pose as well-known tools such as Google Play Protect. When the user opens a notification from an infected app, the malware is launched. It then overlays fake web pages on top of legitimate ones to collect valuable information.

According to the Group-IB report, Godfather can capture usernames and passwords entered on these fake pages and is able to bypass two-factor authentication. The software can also take screenshots of the device, run a keylogger, send text messages from an infected smartphone, and even forward calls (another way to get around two-factor authentication).

In short, all of this serves to harvest our banking credentials and empty our accounts. Stay very vigilant!

Source: Group-IB
