Security News > 2022 > December > GodFather Android malware targets 400 banks, crypto exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.

The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defenses.

Almost half of all apps targeted by Godfather, 215, are banking apps, and most of them are in the United States, Turkey, Spain, Canada, France, Germany, and the UK. Apart from banking apps, Godfather targets 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.

Anubis' source code was leaked in 2019, so Godfather might be either a new project from the same authors or a new malware created by a new threat group.

Overall, Godfather is a feature-rich, dangerous trojan built on proven code from the Anubis malware, targeting an extensive list of apps and Android users from around the globe.

News URL

https://www.bleepingcomputer.com/news/security/godfather-android-malware-targets-400-banks-crypto-exchanges/