Godfather Android Malware Stealing Bank Websites & Crypto Exchanges' Data

By Gagandeep Singh


IB researchers have discovered an Android malware Godfather, which steals the info of over 400 banking sites & cryptocurrency exchanges.

Researchers believe that the Godfather could be the alternative of the Anubis i.e. a banking trojan Android malware which was widely used.

The malware was first discovered by Threat Fabric in March 2021 and it has seen some significant improvements & upgrades in its code.

The malware creates a login display on the top of the banking & cryptocurrency exchange app login page.

Malware deceives the targets into entering the correct credentials on the well-made HTML phishing pages.

The trojan is set to check the system language, and if it is Russian, Armenian, Kazakh, Kyrgyz, Moldovan, Uzbek, etc., then it stops functioning.

As the trojan is installed on the device, then it mimics the Google Play Protect.

The objective of the scanning is to request Accessibility services which look like an authentic tool to get the information.

Malicious activities include access to notifications and Messages, contacts, making phone calls etc.

Read the full story here.