Skip to content

Godfather malware hacks hundreds of banking and crypto apps

Comeback! This time with an update: the Godfather malware. Do you have an Android phone? Then pay attention. Because this dangerous malware pretends to be a legitimate banking or crypto app.

Godfather malware, back with a vengeance. – Source: Generated by Dream AI

What exactly does Godfather malware do?

The Godfather malware probably originated from someone from the former Soviet Union. The maker “rents” this malware as “malware as a service”. The security of the Google Appstore is quite good, but criminals have managed to publish an app infected with the Godfather malware in the Playstore on a few occasions. One of these apps is Currency Converter Plus, from Technology Plus (this app has since been taken offline).

As soon as you install an app with the malware on board, it installs Godfather malware on your phone. For this, the app requests permission to support functions of disabled people. If you give it, you give the app permission to take over the entire phone. Now the malware can give itself all the necessary permissions and start communicating with the creator’s C&C server.

It can now give commands to the app and retrieve passwords, for example. One of the permissions the app gives itself is to project itself over other apps. Such as to show a fake login screen in front of the real login screen of a banking app. You think you are logged in to your bank, but in reality you are logged in to the hacker, who now has your data and can loot your account.

How do I protect myself?

To avoid infection with this Godfather malware and other malicious software, you need to learn some important habits. First, only download apps from the Google Playstore. Nearly all malware outbreaks are through apps downloaded outside of the Google Playstore. While Google’s protection isn’t perfect, it’s pretty good.

Also very important is: always check whether the app really comes from the bank or the crypto exchange for which it is intended. If only a few hundred people have downloaded the app, while a bank has hundreds of thousands of customers, that’s a red flag. Then you probably have a fake version.

Always download the latest updates for Android. This plugs your security problems, although with some cheaper brands the updates are unfortunately quite irregular. The latest updates often contain a security that cuts off trojans, such as the Godfather malware.

When an app is installed, check which permissions it asks for. If that’s more than the app needs to work, that’s a red flag. An example: Asking permission for Microphone makes sense for a karaoke app, but very wrong for a screensaver.

Permissions you basically never must give are: display for other apps, adjust system settings and accessibility. This gives an app total control over your phone.

More technical information about this trojan can be found here, at Group IB.

Leave a Reply

Your email address will not be published. Required fields are marked *