Malware, especially on mobile devices, can be incredibly problematic for consumers. The Godfather Trojan, a malware strain targeting Android devices, is one such nasty element. It targets crypto and banking applications, which can have widespread consequences.
Beware Of The Godfather Trojan
It is no secret criminals want to defraud mobile users. Whether they use cryptocurrencies or traditional banking apps, they will eventually be a target. The Godfather Android Trojan illustrates that approach well. It is a problematic malware strain targeting hundreds of Android applications. So far, the malware is active in over a dozen countries, although that list will likely expand.
It is too early to gauge whether Godfather will be successful. However, the code creates convincing fake websites and fake versions of applications. Those are layered on top of existing applications, tricking users into thinking their device works fine. In reality, criminals can obtain login details and steal funds. Users should always add extra protection, such as 2FA through a different device.
The malware has been in circulation for a while. Godfather has targeted over 200 banks and dozens of crypto wallet providers. In addition, the malware goes after crypto exchanges, primarily in the US, UK, Canada, and Turkey. No one is safe from this malware if they use an Android device. Interestingly, the code stops working on devices belonging to Russian-speaking people. Other Slavic languages may prevent the app from causing harm as well.
That doesn’t mean the people behind Godfather are from Russia or the former Soviet Union, though. It is likely they want to avoid retaliation by not targeting devices in those countries. More research will be needed to shed some light on this aspect. What we do know is that Godfather is an upgrade from Anubis, another banking Trojan that had its code leaked in 2019. Although that threat has been dormant since then, it has now come back.
The Distribution Vector Remains Unclear
Although Godfather has been on security researchers’ radar for some time, the new version causes concern. Moreover, there are many questions as to how criminals distribute the payload. Traditional methods include packing it with another Android app, phishing, etc. So far, a malicious Android application in the Google Play Store seems the most likely candidate. Which application that may be is anyone’s guess.
One of the applications in Godfather’s “network” is Currency Converter Plus. It has over 500 downloads and a 4.7 Google Play Store rating. It is one of many possible distribution avenues. Once installed, the Godfather Trojan will try to mimic and emulate Google Protect. In addition, the Trojan gives itself the required permissions to communicate through a command-and-control server.