2 weeks Ago
Godfather malware is threatening 500 Android apps New threat intelligence analysis has confirmed that a new version of the Godfather banking trojan is targeting in excess of 500 Android banking and cryptocurrency apps as part of a global threat campaign. Here’s what is known so far and how you can mitigate the Godfather risk. Android Users Warned That The Godfather Wants To Make A Malware Offer You Can’t Refuse The latest analysis by security researchers working at the Cyble Research and Intelligence Labs has identified a brand new variant of a particularly dangerous Android malware family known as Godfather.
The analysis has confirmed that the malware, a trojan that targets Android banking and cryptocurrency apps, has spread from an initial geographical base of the U.S., U.
K., and Europe to include Azerbaijan, Greece, Japan and Singapore. It also appears that the threat actors behind the Godfather malware have now transitioned away from the use of Java to a new native code implementation that relies heavily upon Android’s accessibility services to execute the credential-stealing phase of the attack on targeted apps.
If all that wasn’t bad enough, the mafioso malware can now even mimic user actions on infected Android devices with new gesture automation commands. Today’s NYT Mini Crossword Answers For Friday, November 8 Can Trump Fire Jerome Powell? Fed Chairman Says He Won’t Resign If Trump Asks Federal Judge Strikes Down Biden Program Offering Legal Status To Undocumented Spouses Of U.S.
Citizens How The Mafioso Malware Delivers The Godfather’s Malicious Message To Android Users Given the sheer number of articles around at the moment warning users of all operating system platforms about the danger of ongoing phishing campaigns , it should come as no surprise that social engineering is at the heart of the initial Godfather malware attack. The Cyble Research and Intelligence Labs analysts identified a site, for example, purporting to be the official MyGov website of the Australian Government distributing a file linked to the Godfather malware. The threat actors even make use of a visitor counter to keep track of the numbers being duped so as to shape their ongoing attack strategy.
Once the malicious app is downloaded, it sends details of installed applications, language and SIM to a control server. If the user attempts to interact with any targeted Android application , the Godfather closes that app down and loads a fake bank or crypto URL instead using WebView. “Rather than launching the legitimate application,” the security researchers said, “the malware activates itself and loads a phishing page to steal banking credentials.
” The Godfather Is A Dangerous And Adaptable Threat To Android Users This latest iteration in the Godfather malware series illustrates just how dangerous and adaptable mobile threats have become. “By moving to native code and using fewer permissions,” the researchers said, “the attackers have made Godfather harder to analyze and better at stealing sensitive information from banking and cryptocurrency apps.” Now that it targets more Android apps across more countries, the Godfather has proven it is truly an evolving risk to users worldwide.
.
