Godfather is a danger to Android users worldwide as 500 apps are targeted

New threat intelligence analysis has confirmed that a new version of the Godfather banking Trojan is targeting more than 500 Android banking and cryptocurrency apps as part of a global threat campaign. Here’s what’s known so far and how you can mitigate the risk of Godfather.


Android users warned that the Godfather wants to make a malware offer you can’t refuse

Recent analysis by security researchers working at Cyble Research and Intelligence Labs has identified a brand new variant of a particularly dangerous Android malware family known as Godfather.

Analysis has confirmed that the malware, a Trojan that targets Android banking and cryptocurrency apps, has spread from an initial geographic base of the US, UK and Europe to include Azerbaijan, Greece, Japan and Singapore.

It also appears that the threat actors behind the Godfather malware have now moved away from using Java to a new native code implementation that relies heavily on Android Accessibility Services to execute the credential-stealing phase of the attack on target apps.

If all that wasn’t bad enough, the mafia malware can now also mimic user actions on infected Android devices with new gesture automation commands.


How Mafioso Malware Sends Malicious Godfather Message to Android Users

Given the large number of articles currently warning users of all operating system platforms about the risk of ongoing phishing campaigns, it should come as no surprise that social engineering is at the heart of the initial Godfather malware attack.

Cyble Research and Intelligence Labs analysts identified, for example, a site purporting to be the Australian Government’s official MyGov website that shared a file associated with the Godfather malware. The threat actors even use a visitor counter to keep track of how many people are being duped, in order to shape their ongoing attack strategy.

Once the malicious app is downloaded, it sends details of installed apps, language and SIM to a control server. If the user tries to interact with any targeted Android app, the Godfather closes that app and loads a fake banking or crypto URL instead of using the WebView. “Instead of launching the legitimate application,” the security researchers said, “the malware activates itself and loads a phishing page to steal banking credentials.”


Godfather is a dangerous and adaptable threat for Android users

This latest iteration in the Godfather malware series illustrates just how dangerous and adaptable mobile threats have become. “By switching to native code and using fewer permissions,” the researchers said, “attackers have made Godfather harder to analyze and better at stealing sensitive information from banking and cryptocurrency applications.” Now targeting more Android apps in more countries, Godfather has proven that it is indeed an emerging threat to users around the world.

To mitigate the risk of Godfather:

  • Download and install software only from official Android app stores.
  • Use a reputable antivirus and internet security software suite on your connected devices.
  • Use strong passwords and implement multi-factor authentication wherever possible.
  • Enable biometric security features such as fingerprint or facial recognition to unlock your mobile device where possible.
  • Be careful about opening any links received by SMS or email sent to your phone.
  • Be careful when enabling any permissions.
  • Keep your devices, operating systems and applications up to date.
  • Make sure Google Play Protect is enabled on Android devices.
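
For anyone administering Android devices, the advice on official app stores and permissions can be checked against Godfather's reliance on Accessibility Services. The following is an added example, not code from Cyble or from the original article: it parses the saved output of two standard adb commands and lists enabled accessibility services whose package did not come from a trusted store. The trusted-installer set and all sample data are assumptions constructed for illustration.

```python
# Added example: audit enabled accessibility services by install source.
# Inputs are the saved text output of, on a device you administer:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell pm list packages -i
import re

# Assumption: installers this audit treats as official stores.
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play
PKG_LINE = re.compile(r"^package:(\S+)\s+installer=(\S+)\s*$")


def parse_installers(pm_output):
    """Map package -> installer package (None when no installer recorded)."""
    installers = {}
    for line in pm_output.splitlines():
        m = PKG_LINE.match(line.strip())
        if m:
            pkg, src = m.groups()
            installers[pkg] = None if src == "null" else src
    return installers


def parse_accessibility(setting_value):
    """Split the colon-separated 'package/ServiceClass' component list."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    return [tuple(c.split("/", 1)) for c in value.split(":") if "/" in c]


def audit(setting_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """Return (package, service, installer) for services not from a trusted store."""
    installers = parse_installers(pm_output)
    return [(pkg, svc, installers.get(pkg))
            for pkg, svc in parse_accessibility(setting_value)
            if installers.get(pkg) not in trusted]


# Constructed sample output; the com.example.* package names are invented.
SAMPLE_SETTING = ("com.google.android.marvin.talkback/"
                  "com.google.android.marvin.talkback.TalkBackService:"
                  "com.example.sideloaded/.HelperService")
SAMPLE_PM = """package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.example.bank  installer=com.android.vending"""

if __name__ == "__main__":
    for pkg, svc, src in audit(SAMPLE_SETTING, SAMPLE_PM):
        print(f"REVIEW {pkg}/{svc}: installer={src or 'none recorded'}")
```

Preinstalled system apps can also report no installer, so cross-check hits against `adb shell pm list packages -s` before treating one as suspicious.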
