GodFather malware stealing banking credentials from Android phones

Android users are at risk due to the ‘GodFather’ malware, which is reportedly stealing banking credentials from phones. Security researchers at Group-IB have recently found that this Android malware has targeted users in 16 countries.

According to the report, after stealing users’ credentials and bypassing two-factor authentication, criminals access victims’ bank accounts and crypto wallets and then withdraw their money.

Group-IB security researchers further report that as of October 2022, 215 international banks, 94 cryptocurrency wallets, and 110 crypto exchange platforms have fallen victim to the Godfather malware.

Moreover, the companies most targeted by the malware are located in the United States, Germany, the UK, France, Canada, Spain, and Turkey. It is also worth noting that the malware spares post-Soviet countries, which suggests that the Godfather’s developers are Russian speakers.

Furthermore, the Android Godfather malware is an updated version of the banking Trojan called Anubis, whose source code was leaked in 2019. As new versions of Android were released, and malware detection and prevention providers got up to speed, many Anubis features stopped working and got consigned to the dustbin of history.

Security researchers say that they don’t know how the Godfather malware infects devices. However, after analyzing the Trojan’s network infrastructure, they discovered a domain whose command-and-control address was related to an Android app.
