Home » Godfather: the virus reportedly targeting 400 banking and cryptocurrency apps

Godfather: the virus reportedly targeting 400 banking and cryptocurrency apps

by Patricia

The German Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, which infects Android smartphones. The Trojan allows hackers to retrieve credentials from banking and cryptocurrency applications through fake login pages.

German financial watchdog warns of Godfather virus

The German financial watchdog, known as the Federal Financial Supervisory Authority (BaFin) has warned of the Godfather virus, a malware that attacks banking and cryptocurrency applications. The number of targeted applications is said to be 400.

However, relatively little information is available about how Godfather infects devices, and which specific platforms it targets. Once the device is infected, the virus is said to generate fake versions of the login pages of real applications. When a user tries to log in, the information will be passed on to hackers in order to steal funds from the real accounts.

Notifications can also be sent to the victim’s device to prompt them to enter their double authentication code, in order to retrieve it as well.

Last December, the cybersecurity company Group-IB had already warned on the subject, estimating that the Godfather virus would operate since June 2021, and would be an improved version of the Anubis Trojan, which presented a similar operation:

Godfather is said to target Android-based smartphones, whose updates have been used to fight Anubis.

How to protect yourself from it

Unfortunately, there is no magic bullet to eliminate the risk of your device being infected. However, IB Group has noticed that this can happen through downloading third-party applications from the Play Store. It is therefore important to be sure of the application you want to download.

Furthermore, it should be noted that a virus such as Godfather could very well be found in archives found for free on the web, while the application it hosts is supposed to be paid for.

In addition to two-factor authentication (2FA), it may be worthwhile to add a physical validation mechanism on applications that deal with money. For example, YubiKey from the company Yubiko plugs into a USB port and serves as additional security when logging into a service.

In addition to protecting wallets, Ledger’s hardwares wallet can also fulfil this role, thanks to the Fido U2F application. This application allows to validate a connection physically to access an account, an email address or some social networks. This application is installed from Ledger Live:

Figure 1 - Fido U2F on Ledger Live

Figure 1 – Fido U2F on Ledger Live

Some exchanges like Binance allow you to activate physical validation when withdrawing funds. To do this you need to go to the security settings:

Figure 2 - Binance security menu

Figure 2 – Binance security menu

Regarding double authentication by email, more and more platforms also allow you to set up a keyword, which will be recalled in the email to make sure it is not a phishing attempt. In general, caution when downloading an application is still the best advice

Related Posts

Leave a Comment