There has been a new warning from tech experts about an Android virus which is stealing users’ bank details with hundreds of banks and cryptocurrency apps affected. The warning was issued after the resurgence of the ‘Godfather’ trojan virus, which is capable of obtaining usernames and passwords from infected phones.
The announcement came from a security team at Group-IB, who stated that there had been a huge rise in targeted attacks on users in 14 countries, including the UK and US, as per The Daily Express.
The Godfather
The Godfather is an Android banking trojan virus that can operate undetected on your device and has targeted users of more than 400 applications so far. It works by generating convincing web fakes and overlaying them on the screens of devices. When users enter their details, they give access to their accounts to the hackers, who can even bypass two-factor authentication with the information in some cases. Hackers then use the information to empty users’ bank or crypto accounts.
Since October 2022, 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms have been targeted by Godfather. Some of the functions of the virus include, as per Group-IB:
- Recording the screen of the victim’s device
- Establishing VNC connections
- Launching keyloggers
- Exfiltrating push notifications (for bypassing two-factor authentication); preceding versions of the Trojan also exfiltrated SMS messages
- Forwarding calls (for bypassing two-factor authentication)
- Executing USSD requests
- Sending SMS messages from infected devices
- Launching proxy servers
- Establishing WebSocket connections (added to the new, September 2022 version of Godfather).
Google Protect
Users are normally advised to use Google Protect to keep their phone safe; however, the trojan has a clever way of avoiding detection by the service. It is able to create a Google Protect emulator, which looks like the real thing but, when used, just runs a fake scan and reports no threats or infection.
The virus is being distributed via fake apps found online, although it is thought that there have also been attempts to spread it on the official Google Play Store. Consequently, users are being urged to be more vigilant than ever when downloading apps and to avoid fake apps altogether, as per The Daily Express.
It is also prudent to check reviews and make sure the developers who have created the applications are reputable. It’s also good to check the permissions an app wants before installation, and if something doesn’t make sense, then it would be wise to err on the side of caution and not download the app.
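The permission check described above can be automated for an app whose AndroidManifest.xml has been decoded to text. The following is an added example, not code from Group-IB or the original article: the mapping from the capabilities listed earlier to Android permissions is an assumption made here, the function names are hypothetical, and the sample manifest is constructed.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping (made for this example, not taken from the Group-IB report)
# from capabilities in the list above to the permissions they normally need.
RISKY = {
    P + "BIND_ACCESSIBILITY_SERVICE": "keylogging / reading the screen",
    P + "BIND_NOTIFICATION_LISTENER_SERVICE": "reading push notifications",
    P + "SYSTEM_ALERT_WINDOW": "drawing overlays on other apps",
    P + "READ_SMS": "reading SMS messages",
    P + "RECEIVE_SMS": "reading SMS messages",
    P + "SEND_SMS": "sending SMS messages",
    P + "CALL_PHONE": "call forwarding / USSD requests",
}

def audit_manifest(manifest_xml):
    """Return {permission: capability} for risky permissions in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # Permissions the app asks to be granted.
    for el in root.iter("uses-permission"):
        found.add(el.get(ANDROID + "name"))
    # Accessibility and notification-listener access is declared on a <service>.
    for svc in root.iter("service"):
        found.add(svc.get(ANDROID + "permission"))
    return {p: RISKY[p] for p in sorted(found & set(RISKY))}

def needs_review(hits, threshold=3):
    """Flag the app when several distinct risky capabilities are combined."""
    return len(set(hits.values())) >= threshold

# Constructed sample: a note-taking app asking for far more than it needs.
SAMPLE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <application>
    <service android:name=".Helper"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    hits = audit_manifest(SAMPLE)
    for perm, why in hits.items():
        print(f"{perm}: {why}")
    print("review before installing:", needs_review(hits))
```

A single flagged permission is common in legitimate apps; it is the combination that does not fit the app's stated purpose that deserves caution.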
Sources used:
- The Daily Express 'Terrifying Android bug may stop you downloading another app ever again'
- Group-IB 'The Godfather enters: banking Trojan targets users of more than 400 apps in 16 countries'