The German Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, which infects Android smartphones. The Trojan allows hackers to retrieve credentials from banking and cryptocurrency applications through fake login pages.
German financial watchdog warns of Godfather virus
The German financial watchdog, known as the Federal Financial Supervisory Authority (BaFin), has warned of the Godfather virus, malware that attacks banking and cryptocurrency applications. The number of targeted applications is said to be 400.
However, relatively little information is available about how Godfather infects devices and which specific platforms it targets. Once the device is infected, the virus is said to generate fake versions of the login pages of real applications. When a user tries to log in, the credentials entered are passed on to the hackers, who can use them to steal funds from the real accounts.
Notifications can also be sent to the victim’s device prompting them to enter their two-factor authentication code, so that the hackers can capture it as well.
Last December, the cybersecurity company Group-IB had already warned about this threat, estimating that the Godfather virus had been operating since June 2021 and was an improved version of the Anubis Trojan, which worked in a similar way:
Group-IB’s ThreatIntelligence detected more than 400 international financial companies targeted by the Godfather Android banking Trojan between June 2021 and October 2022. Godfather’s predecessor is another banking Trojan named Anubis: https://t.co/Kf2IGvrLnk pic.twitter.com/JERnAuNfAC
– Group-IB Global (@GroupIB_GIB) December 21, 2022
Godfather is said to target Android-based smartphones, where Android updates had been used to counter Anubis.
How to protect yourself from it
Unfortunately, there is no magic bullet to eliminate the risk of your device being infected. However, Group-IB has noticed that infection can happen through downloading third-party applications from the Play Store. It is therefore important to be sure of the application you want to download.
Furthermore, a virus such as Godfather could very well be hidden in archives offered for free on the web that contain an application that is normally paid for.
In addition to two-factor authentication (2FA), it may be worthwhile to add a physical validation mechanism to applications that deal with money. For example, a YubiKey from the company Yubico plugs into a USB port and serves as additional security when logging into a service.
In addition to protecting wallets, Ledger’s hardware wallets can also fulfil this role, thanks to the Fido U2F application. This application lets you physically confirm a login to access an account, an email address or some social networks. It is installed from Ledger Live:

Figure 1 – Fido U2F on Ledger Live
Some exchanges like Binance allow you to activate physical validation when withdrawing funds. To do this you need to go to the security settings:

Figure 2 – Binance security menu
Regarding two-factor authentication by email, more and more platforms also allow you to set up a keyword, which is then repeated in each email so you can make sure it is not a phishing attempt. In general, caution when downloading an application is still the best advice.