Home » Security News » GodFather Android malware is targeting banks and c...

GodFather Android malware is targeting banks and crypto exchanges

Deepanker Verma December 21, 2022 Security

Add Techlomedia as a preferred source on Google.

A bank malware named ‘Godfather’ has been targeting Android users in 16 countries. This malware is trying to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

This malware shows fake login screens over the login screen of banking and crypto exchange apps. When the user tried to login into one of the target baking and crypto exchange apps, they get the fake login screen. If they enter the credentials, attackers will get their login details.

Group-IB analysts, who discover Godfather trojan back in 2021, believe that it is the successor of Anubis. Anubis is a notorious banking trojan that is not much effective now. Godfather’s developers used the source code of Anubis as a base code and improved it for new versions of Android. Developers basically modified the C&C communication protocol and capabilities.

As per the report, Godfather targets 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchange platforms. Most of the target companies are located in the US, Turkey, Spain, Canada, Germany, France, and the UK.

Godfather Trojan can record the screen of the victim’s device, launch keyloggers, execute USSD requests, send SMS from infected devices, launch proxy servers, establish WebSocket connections, forward calls to bypass two-factor authentication, Exfiltrate push notifications, and establish VNC connections.

The report also confirmed that Godfather checks the system language and shuts down itself if the language is one from post-Soviet countries. Here’s the list.

RU (Russia)
AZ (Azerbaijan)
AM (Armenia)
BY (Belarus)
KZ (Kazakhstan)
KG (Kyrgyzstan)
MD (Moldova)
UZ (Uzbekistan)
TJ (Tajikistan)

This suggests that the Trojan belongs to Russian attackers.

Godfather is not the only Android malware that uses the source code of Anubis. Back in July, ThreatFabric also founded Falcon malware which was basically the modified version of Anubis. The source code of Anubis was leaked in 2019. So, we can expect more modified versions of Anubis in the coming years.

Follow Techlomedia on Google News to stay updated.

Affiliate Disclosure:

This article may contain affiliate links. We may earn a commission on purchases made through these links at no extra cost to you.

About the Author: Deepanker Verma

Deepanker Verma is the Founder and Editor-in-Chief of TechloMedia. He holds Engineering degree in Computer Science and has over 15 years of experience in the technology sector. Deepanker bridges the gap between complex engineering and consumer electronics. He is also a a known Security Researcher acknowledged by global giants including Apple, Microsoft, and eBay. He uses his technical background to rigorously test gadgets, focusing on performance, security, and long-term value.