The Federal Financial Supervisory Authority (BaFin) of Germany issued a warning on Monday regarding malware known as “Godfather,” which creates a fake version of a login screen for a banking or crypto platform to steal users’ personal data and funds.
In total, 400 banking and cryptocurrency apps, including those from German operators, are reportedly targeted by the financial malware, according to the warning released on January 9.
In a separate report released in December by Group-IB, one of the world’s leading cybersecurity companies, the malware more specifically targets 110 cryptocurrency exchanges, 94 cryptocurrency wallets, and 215 banking apps.
The threat actors utilizing Godfather, according to Group-IB’s report, try to steal victims’ login information and get around two-factor authentication in order to access victims’ accounts and drain their funds.
Access to the 2FA is made possible, as the spyware can intrude on SMS messages from the victim’s smartphone.
Godfather Only Works on Android Devices for Now
The German Federal Financial Supervisory Authority (BaFin) did not specify how the malware infects users’ devices, but Group-IB claimed that it imitates Google Protect in order to establish itself. It then falsely detects malware in Play Store installations and removes them from the list of installed applications.
Godfather can employ the Accessibility Service to further gain access to the device and retransmit data to hackers from the Android device it has taken over by imitating Google Protect.
However, BaFin did point out that the malware is known to send push notifications in order to obtain two-factor authentication codes. With this data, the cybercriminals may be able to gain access to consumers’ bank accounts and crypto wallets, the regulator noted.
In recent years, cryptojacking has become one of the most common ways to target crypto applications.
To avoid such phony apps, Android users are now advised to examine apps before installing them. In addition, Google Play Protect should be enabled.
According to Kaspersky Lab’s November estimates, 2023 will witness even more malware attacks, with the year expected to be dominated by cyber epidemics with the largest impact.