Godfather malware is threatening 500 Android apps
New threat intelligence analysis has confirmed that a new version of the Godfather banking trojan is targeting in excess of 500 Android banking and cryptocurrency apps as part of a global threat campaign. Here’s what is known so far and how you can mitigate the Godfather risk.
Android Users Warned That The Godfather Wants To Make A Malware Offer You Can’t Refuse
The latest analysis by security researchers working at the Cyble Research and Intelligence Labs has identified a brand new variant of a particularly dangerous Android malware family known as Godfather.
The analysis has confirmed that the malware, a trojan that targets Android banking and cryptocurrency apps, has spread from an initial geographical base of the U.S., U.K., and Europe to include Azerbaijan, Greece, Japan and Singapore.
It also appears that the threat actors behind the Godfather malware have now transitioned away from the use of Java to a new native code implementation that relies heavily upon Android’s accessibility services to execute the credential-stealing phase of the attack on targeted apps.
If all that wasn’t bad enough, the mafioso malware can now even mimic user actions on infected Android devices with new gesture automation commands.
How The Mafioso Malware Delivers The Godfather’s Malicious Message To Android Users
Given the sheer number of articles around at the moment warning users of all operating system platforms about the danger of ongoing phishing campaigns, it should come as no surprise that social engineering is at the heart of the initial Godfather malware attack.
The Cyble Research and Intelligence Labs analysts identified a site, for example, purporting to be the official MyGov website of the Australian Government distributing a file linked to the Godfather malware. The threat actors even make use of a visitor counter to keep track of the numbers being duped so as to shape their ongoing attack strategy.
Once the malicious app is downloaded, it sends details of installed applications, language and SIM to a control server. If the user attempts to interact with any targeted Android application , the Godfather closes that app down and loads a fake bank or crypto URL instead using WebView. “Rather than launching the legitimate application,” the security researchers said, “the malware activates itself and loads a phishing page to steal banking credentials.”
The Godfather Is A Dangerous And Adaptable Threat To Android Users
This latest iteration in the Godfather malware series illustrates just how dangerous and adaptable mobile threats have become. “By moving to native code and using fewer permissions,” the researchers said, “the attackers have made Godfather harder to analyze and better at stealing sensitive information from banking and cryptocurrency apps.” Now that it targets more Android apps across more countries, the Godfather has proven it is truly an evolving risk to users worldwide.
- Download and install software only from official Android app stores.
- Use a reputed anti-virus and internet security software package on your connected devices.
- Use strong passwords and enforce multi-factor authentication wherever possible.
- Enable biometric security features such as fingerprint or facial recognition for unlocking the mobile device where possible.
- Be wary of opening any links received via SMS or emails delivered to your phone.
- Be careful while enabling any permissions. Keep your devices, operating systems, and applications updated.
- Ensure that Google Play Protect is enabled on Android devices.
