Godfather malware targets crypto, banking apps

1 year ago

A piece of malware called “Godfather” is targeting users of crypto apps and other services, according to a statement from German regulator BaFin on Jan. 9.

BaFin said that Godfather affects about 400 cryptocurrency and banking apps. The malware more specifically targets 110 crypto exchanges, 94 crypto wallets, and 215 banking apps, according to a separate report from Group IB in December.

Godfather steals login information from users by displaying fake login windows on top of real ones, thereby deceiving users into entering their information into a monitored form.

Godfather operates only on Android devices. It mimics Google Protect in order to establish itself. It then falsely scans Play Store downloads for malware and hides itself from the list of installed applications. By imitating Google Protect, Godfather can also leverage AccessibilityService to further gain device access and relay information to attackers.

Godfather specifically attempts to imitate applications installed on a user’s device. However, it can also record the screen, launch keyloggers, forward calls containing 2FA codes, send SMS messages, and make use of various other strategies.

Though Germany warned of Godfather attacks today, attacks are not isolated to that country. Group IB said in its report that Godfather has targeted users in 16 countries including the U.S., Turkey, Spain, Canada, France, and the U.K. Incidentally, devices set to use certain languages including Russian cannot run the malware.

Group IB suggested that Godfather was spread partially through a malicious Google Play application. However, the security research group said there is an overall “lack of clarity” on how this particular piece of malware infects devices.

Phishing malware is fairly common. One similar piece of malware called Mars Stealer emerged in 2022, and another called Raccoon was seen in 2021.

However, phishing can be accomplished without infecting user devices. Such attacks can be carried out solely by creating fake emails and websites that match their real counterparts, relying on human error rather than compromised devices.

The post Godfather malware targets crypto, banking apps appeared first on CryptoSlate.
