S Security
2 min read

GodFather Android malware is targeting banks and crypto exchanges

Deepanker Verma
December 21, 2022
Android Malware

A bank malware named ‘Godfather’ has been targeting Android users in 16 countries. This malware is trying to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

This malware shows fake login screens over the login screen of banking and crypto exchange apps. When the user tried to login into one of the target baking and crypto exchange apps, they get the fake login screen. If they enter the credentials, attackers will get their login details.

Group-IB analysts, who discover Godfather trojan back in 2021, believe that it is the successor of Anubis. Anubis is a notorious banking trojan that is not much effective now. Godfather’s developers used the source code of Anubis as a base code and improved it for new versions of Android. Developers basically modified the C&C communication protocol and capabilities.

As per the report, Godfather targets 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchange platforms. Most of the target companies are located in the US, Turkey, Spain, Canada, Germany, France, and the UK.

Godfather Trojan can record the screen of the victim’s device, launch keyloggers, execute USSD requests, send SMS from infected devices, launch proxy servers, establish WebSocket connections, forward calls to bypass two-factor authentication, Exfiltrate push notifications, and establish VNC connections.

The report also confirmed that Godfather checks the system language and shuts down itself if the language is one from post-Soviet countries. Here’s the list.

  • RU (Russia)
  • AZ (Azerbaijan)
  • AM (Armenia)
  • BY (Belarus)
  • KZ (Kazakhstan)
  • KG (Kyrgyzstan)
  • MD (Moldova)
  • UZ (Uzbekistan)
  • TJ (Tajikistan)

This suggests that the Trojan belongs to Russian attackers.

Godfather is not the only Android malware that uses the source code of Anubis. Back in July, ThreatFabric also founded Falcon malware which was basically the modified version of Anubis. The source code of Anubis was leaked in 2019. So, we can expect more modified versions of Anubis in the coming years.

Techlomedia is supported by our readers. We put best buy links of different products and some those links are affiliate links.If you purchase through these links, we may earn a commission at no extra cost to you. This helps support our website and content creation.

Share this article
Shareable URL
Deepanker Verma
Deepanker Verma is a well-known technology blogger and gadget reviewer based in India. He has been writing about Tech for over a decade.
Prev Post

Messi’s World Cup celebration photo is the most-liked post on Instagram
Next Post

Okta’s GitHub repositories hacked; Source code stolen

Leave a Reply
Subscribe to our newsletter
Get notified of the best deals on our WordPress themes.
0
Share
0
0
0
0
0
0