Godfather: the virus reportedly targeting 400 banking and cryptocurrency applications

The German Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, which infects Android smartphones. This Trojan horse allows hackers to capture banking and cryptocurrency application credentials through fake login pages.

The German financial watchdog warns of the Godfather virus

The German financial watchdog, the Federal Financial Supervisory Authority (BaFin), has issued an alert about the Godfather virus, malware that attacks banking and cryptocurrency applications. It reportedly targets 400 applications.

However, relatively little information is available about how Godfather infects devices and which specific platforms it targets. Once a device is infected, the virus reportedly generates fake versions of the login pages of genuine apps. When a user tries to log in, the information entered is passed on to the hackers, who use it to steal the funds held in the real accounts.

Notifications can also be sent to the victim's device prompting them to enter their two-factor authentication code, so that it can be captured as well.

Last December, the cybersecurity company Group-IB had already raised the alarm on the subject, estimating that the Godfather virus has been operating since June 2021 and is an improved version of the Anubis Trojan, which worked in a similar way.

Godfather reportedly targets smartphones running Android, whose updates had just made it possible to counter Anubis.

How can you protect yourself?

Unfortunately, there is no miracle recipe to eliminate the risk of your device becoming infected. However, Group-IB noted that infection can occur through downloading third-party apps from the Play Store. You therefore need to be sure of any application you intend to download.

Note also that a virus like Godfather could very well be hidden in archives offered for free on the Web when the application they contain is supposed to be paid for.

In addition to two-factor authentication (2FA), it may be worth adding a physical validation mechanism to applications that involve money. For example, YubiKeys from Yubico plug into a USB port and serve as additional security when connecting to a service.

Besides protecting wallets, Ledger hardware wallets can also fulfill this role, thanks to the FIDO U2F application. It lets you physically confirm a login to an account, an email address, or certain social networks. The application is installed from Ledger Live.

Some exchanges like Binance allow you to enable physical validation when withdrawing funds. To do this, go to the security settings.

For two-factor authentication by email, more and more platforms also let you configure a keyword, which is repeated in each email so you can be sure it is not a phishing attempt. Generally speaking, caution when downloading an app is still the best advice.

