A new Android banking virus called ‘The Godfather’ could infect millions of users in 16 countries. The virus targets more than 400 online banking sites and cryptocurrency exchanges.
The new Godfather trojan that has emerged has been discovered by Group-IB analysts, who believe it is the successor to Anubis. As those concerned will remember, Anubis was once used as a banking virus, but its use was shelved because it could not bypass Android’s security applications. The new Godfather virus clearly threatens Android and poses a serious risk for users in Turkey.
The Godfather trojan uses phishing methods that have been very popular lately. When users want to log into their banking or crypto exchange accounts, they are redirected to an HTML-based emulated site that is extremely well-crafted and difficult to distinguish from the original page. Thus, users’ login information (such as password) and other sensitive financial information are stolen.
Turkey is at Serious Risk!
According to the reports, the Godfather trojan is infiltrating your phone with fake Android applications. It is underlined that the Godfather is especially targeting users in Europe. It is also noteworthy that Turkey is among the serious risky countries. It is seen that more than 10 million downloaded applications called “MYT Music”, which are already in the Play Store, are imitated.
GodFather Android malware steals sensitive data like SMS, installed app data, basic device details and device phone number after successful installation on the device. Apart from these, it is also possible to control the device screen using VNC, forwarding incoming calls to the infected device and injecting banking URLs.
GodFather has been detected in more than 215 apps, and more than half of them are banking apps. Most of these apps target users in the United States (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the United Kingdom (17). In addition to banking apps, The Godfather targets 110 cryptocurrency platforms and 94 cryptocurrency wallet apps.
There are Interesting Details
Interestingly, the trojan is configured to check and detect the system language. The virus stops working if the device language is set to Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek or Tajik.
How to Protect Against GodFather Virus?
The new Godfather trojan uses a special and sophisticated encryption technique to evade existing anti-virus applications. Therefore, it is very difficult to detect. On the other hand, experts recommend downloading apps only from Google Play to protect against this threat. It is also important to keep Play Protect active.
How to prevent the transmission of viruses?
- Only download and install software from official app stores like Google Play Store or iOS App Store.
- Use a well-known anti-virus and internet security software package on your connected devices such as PCs, laptops and mobile devices.
- Use strong passwords and enforce multi-factor authentication wherever possible.
- Enable biometric security features such as fingerprint or facial recognition to unlock the mobile device whenever possible.
- Be careful when opening links that come to your phone via SMS or e-mail.
- Make sure Google Play Protect is enabled on Android devices.
- Be careful when enabling any permissions.
- Keep your devices, operating systems and applications up to date.