Godfather is a banking Trojan that has reportedly attacked over 400 banking and cryptocurrency apps worldwide and can steal banking credentials, including user names and passwords. The rebooted malware has attacked users in over 14 countries, including the US and the UK. The German financial authorities have also issued a fresh warning regarding the Godfather malware, saying that it was unclear how the malware infected consumers’ devices, but that it was currently recording user input on banking and crypto apps.
Mode of Action of Godfather Malware
The German financial authority (BaFin) said that the Godfather Trojan tries to trick people into entering their login details on imitations of official banking apps; it can then capture the login details and transmit them to cyber criminals. According to BaFin, “The malware also sends push notifications to obtain two-factor authentication codes. With these data, the individuals or teams who use technology to commit malicious activities may be able to access consumers’ accounts and wallets.”
Cybersecurity experts from Group-IB first discovered the Trojan in 2021, but it has undergone significant code upgrades since then, causing a recent spike in cyber attacks. The German authorities advised the public on how to protect their devices and accounts from being infected by the malware.
Strategies Deployed by the Malware
Godfather attempts to imitate applications installed on a user’s device; it pretends to scan Play Store downloads for malware and can also leverage the Accessibility Service to gain further access to the device. Other strategies the malware uses to trap users include recording the screen, launching keyloggers, forwarding calls containing 2FA codes, sending SMS messages, and more.
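
For defenders reviewing an app before it is allowed on a device, the behaviours listed above can be turned into a manifest check. The following Python script is an added example, not part of the original article and not derived from a Godfather sample: it reads a decoded AndroidManifest.xml and reports which of those behaviours the app has the permissions for. The behaviour-to-permission mapping, the threshold and both sample manifests are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
ACCESSIBILITY = "accessibility service (device control, keylogging)"

# Assumed mapping from the behaviours named in the article to Android permissions.
BEHAVIOUR_PERMS = {
    ACCESSIBILITY: {P + "BIND_ACCESSIBILITY_SERVICE"},
    "reading or sending SMS": {P + "READ_SMS", P + "RECEIVE_SMS", P + "SEND_SMS"},
    "placing or forwarding calls": {P + "CALL_PHONE"},
    "drawing over other apps": {P + "SYSTEM_ALERT_WINDOW"},
    "screen recording": {P + "FOREGROUND_SERVICE_MEDIA_PROJECTION"},
}

def triage_manifest(manifest_xml):
    """Return {behaviour: [matching permissions]} for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    # Ordinary permissions are requested with <uses-permission android:name=...>.
    found = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    # An accessibility service is declared on <service android:permission=...>.
    found |= {e.get(ANDROID_NS + "permission") for e in root.iter("service")}
    found.discard(None)
    return {b: sorted(p & found) for b, p in BEHAVIOUR_PERMS.items() if p & found}

def is_suspicious(hits, threshold=3):
    """Flag apps that pair an accessibility service with other risky behaviours."""
    return ACCESSIBILITY in hits and len(hits) >= threshold

# Constructed sample: a "scanner" app asking for far more than it needs.
SAMPLE_SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><service android:name=".Helper"
    android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""

# Constructed sample: a screen reader that only declares an accessibility service.
SAMPLE_BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <application><service android:name=".Reader"
    android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/></application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        hits = triage_manifest(xml)
        print(label, "FLAG" if is_suspicious(hits) else "ok", hits)
```

A flag from this check is a reason to look closer, not proof of malware, since legitimate apps can request the same permissions.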