A new Android Trojan called The Godfather is circulating and poses a major security risk. Over 400 banking and crypto apps are affected.
Android Trojan Godfather Targets Banking Apps
Along with The Godfather, a new Trojan targeting more than 400 international banking apps is circulating between June 2021 and October 2022, according to security experts’ warnings. Germany has also been targeted, so Android users beware.
Trojans are especially dangerous because they use cloaked apps. According to security firm Group-IB, Godfather is built on the Anubis malware program and targets 215 international banks, 94 cryptocurrency wallets and 110 cryptocurrency trading platforms. Providers in the US, Turkey, Spain, Germany, or France are affected.
In Germany, a total of 19 companies in the financial sector were affected, but were not named in the security alert.
However, other states of the former Soviet Union other than Russia are also excluded from the loop, and the source code features do not cover that language. Developers are believed to be from these regions.
Why are godfathers dangerous?
The Godfather gets installed on your device via an unsafe app from the Google Play Store that bypasses Google’s security scans. By doing so, the Trojan manipulates fake notifications or generates fake queries that appear when he tries to open one of the affected apps.
In the process, Godfather logs all your inputs and can read SMS and push notifications, so unless you’re comfortable with this problem, you can unknowingly bypass two-factor authentication.
This is obviously how fake websites are layered on top of regular banking and cryptocurrency apps to send data to criminals upon login.
How to protect yourself from the banking Trojan Godfather
To protect yourself from The Godfather, you should generally not open suspicious email attachments or links and only install apps from trusted sources.
We also recommend that you keep your mobile device up-to-date with updates and always check permissions before installing apps. “Accessibility serviceIt is especially important here. Input support serviceas it is called in German, is used by The Godfather and many other Trojan or malware programs.