Status: 09.01.2023 4:21 p.m
Godfather malware attacks hundreds of banking and crypto apps. According to the financial supervisory authority BaFin, input from users is recorded, including from German operators.
The financial supervisory authority BaFin warns consumers of the “Godfather” malware. BaFin said it was attacking 400 banking and crypto apps and recording user input. In addition to operators from the USA, Turkey, Spain, Canada, France and Great Britain, Germany is also affected. What these are specifically remains unclear.
Fake pages of banking and crypto apps
The malware ensures that consumers are shown fake websites from regular banking and crypto apps. “If consumers log in via these websites, their login data will be transmitted to the cyber criminals,” explains the supervisory authority.
“Godfather” is also said to get codes for two-factor authentication with fake push notifications. With this data, the cyber criminals could potentially access consumer accounts and wallets. How exactly the terminal bones become infected with the virus remains unclear to the supervisors.
origin unknown
According to British news website The Register, security experts discovered a domain in the malware’s network infrastructure whose command and control address belonged to an Android app. Therefore, the origin could come from a malicious application from the Google Play Store.
A report by the industry magazine “t3n” shows that the malware has already been found on Android devices in 16 countries. “Godfather” was first spotted in 2021. However, according to Cyble specialists, the software has since undergone a major overhaul and is now able to bypass current Android system security measures.