German Financial Authority Warns Consumers About ‘Godfather’ Android Banking Trojan


Germany’s Federal Financial Supervisory Authority (BaFin) has warned consumers about “Godfather” malware attacks.

On Monday (Jan. 9), the regulator said that around 400 banking and crypto apps had already been affected by the malware. Once it has infected a device, Godfather then displays fake banking and crypto websites to compromise users’ login data and transfer it to criminals.

It added that the malware is also able to push notifications to get the codes for two-factor authentication, enabling hackers to gain access to consumers’ accounts and wallets.

Godfather is a type of Trojan that infects devices running the Android operating system. The cybersecurity firm Group-IB claims to have first detected it in June 2021. According to Group-IB, ThreatFabric was the first to mention the Godfather banking Trojan publicly, in March last year, and in June the malware suddenly disappeared.

Group-IB analysts believe that Godfather was taken out of use so that developers could update it, and when it resurfaced in September, it had been slightly modified.

The firm said that over 400 international financial companies were targeted by the Godfather banking Trojan between June 2021 and October 2022.

Targets include 49 U.S.-based companies, 31 Turkish-based companies and 30 Spanish-based companies. Other countries that were among the most affected include Canada, France, Germany, the U.K., Italy and Poland. Half of the targeted companies were banks, but cryptocurrency wallets and exchanges were also impacted.

Interestingly, if the infected Android system’s preferences are set to the Russian language, Godfather shuts down. The same rule applies to other languages spoken in the Commonwealth of Independent States (CIS): Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek and Tajik.

From this, Group-IB has speculated that the malware’s developers could be Russian speakers.

Regardless of its origins, the Godfather Trojan is far more sophisticated than a basic phishing attack. As well as overlaying fake apps onto devices, it is able to take control of a device’s settings, send fake push notifications and capture incoming messages to bypass financial security measures, hence BaFin’s concerns.
