Dwelling › Cellular Safety

Godfather Android Banking Trojan Focusing on Over 400 Functions

By Ionut Arghire on December 22, 2022

Tweet

The Godfather Android banking trojan has been noticed focusing on over 400 banking and crypto purposes in 16 international locations, risk intelligence agency Group-IB warns.

Godfather was initially noticed in June 2021 and is believed to be the successor of the Anubis banking trojan, probably constructed on prime of the Anubis supply code that leaked in 2019.

In comparison with Anubis, Godfather options up to date command-and-control (C&C) communication and implementation, a modified visitors encryption algorithm, a brand new module for managing digital community computing (VNC) connections, and up to date performance comparable to Google Authenticator OTPs.

On the contaminated units, the trojan makes use of net overlays (convincing pretend HTML pages which can be displayed on prime of the official purposes) to steal login credentials, bypass two-factor authentication (2FA), and achieve entry to the sufferer’s account.

The malware may also report the gadget’s display, create VNC connections, launch a keylogger, exfiltrate push notifications and SMS messages (to bypass 2FA), ship SMS messages, ahead calls, execute USSD requests, launch proxy servers, allow silent mode, and set up WebSocket connections.

Godfather is probably going distributed by way of malicious downloader purposes hosted on Google Play and might imitate Google Shield, however with out offering the precise scanning performance. The risk can be distributed utilizing the malware-as-a-service (MaaS) mannequin, Group-IB says.

After an infection, the trojan achieves persistence on the gadget, creates a pinned notification, and hides its icon. It additionally requests entry to the Accessibility service, which, as soon as granted, permits it to situation itself the permissions it must function unobstructed on the gadget.

The risk collects gadget data and sends it to its C&C server, together with community operator title and nation code, cellphone standing, default gadget consumer agent, bot ID, put in purposes, Android model, gadget mannequin, and particulars on whether or not required permissions have been granted.

As of October 2022, Godfather has focused customers of 215 banks, 94 crypto wallets, and 110 crypto exchanges, Group-IB says. Many of the focused banks are within the US (49), Turkey (31), and Spain (30), however the malware additionally targets banking purposes in Canada (22), France (20), Germany (19), and the UK (17).

Godfather seems to be operated by Russian cybercriminals, because it stops its malicious routine if it detects a language used within the former Soviet Union international locations, together with Russia, Azerbaijan, Armenia, Belarus, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, and Uzbekistan.

Associated: ‘MaliBot’ Android Malware Steals Monetary, Private Info

Associated: Backdoors Discovered on Counterfeit Android Telephones

Associated: New ‘Ginp’ Android Trojan Targets Credentials, Cost Card Knowledge

Get the Every day Briefing

• Most Current
• Most Learn

• Godfather Android Banking Trojan Focusing on Over 400 Functions
• Cyber Insurance coverage Analytics Agency CyberCube Raises $50 Million
• Important Vulnerabilities Present in Passwordstate Enterprise Password Supervisor
• Russian APT Gamaredon Adjustments Techniques in Assaults Focusing on Ukraine
• Is Enterprise VPN on Life Assist or Ripe for Reinvention?
• Two Males Arrested for JFK Airport Taxi Hacking Scheme
• Ransomware Makes use of New Exploit to Bypass ProxyNotShell Mitigations
• Important Vulnerability in Hikvision Wi-fi Bridges Permits CCTV Hacking
• Industrial Large Thyssenkrupp Once more Focused by Cybercriminals
• Congress Strikes to Ban TikTok From US Authorities Units

Searching for Malware in All of the Improper Locations?

First Step For The Web’s subsequent 25 years: Including Safety to the DNS

Tattle Story: What Your Pc Says About You

Be in a Place to Act By means of Cyber Situational Consciousness

Report Exhibits Closely Regulated Industries Letting Social Networking Apps Run Rampant

2010, A Nice 12 months To Be a Scammer.

Do not Let DNS be Your Single Level of Failure

Tips on how to Determine Malware in a Blink

Defining and Debating Cyber Warfare

The 5 A’s that Make Cybercrime so Enticing

Tips on how to Defend In opposition to DDoS Assaults

Safety Budgets Not in Line with Threats

Anycast – Three Causes Why Your DNS Community Ought to Use It

The Evolution of the Prolonged Enterprise: Safety Methods for Ahead Considering Organizations

Utilizing DNS Throughout the Prolonged Enterprise: It’s Dangerous Enterprise

Orbit Brain

http://orbitbrain.com/

Orbit Brain is the senior science writer and technology expert. Our aim provides the best information about technology and web development designing SEO graphics designing video animation tutorials and how to use software easy ways
and much more. Like Best Service Latest Technology, Information Technology, Personal Tech Blogs, Technology Blog Topics, Technology Blogs For Students, Futurism Blog.