A piece of malware is infecting applications and devices by imitating Google Protect, the Android protection tool.
The Trojan is known as Godfather, or The Godfather, and is in more than 400 applications in the Google Play Store, according to an investigation by The Hacker News.
The infected platforms include 215 international banks, 94 cryptocurrency wallets and 110 cryptocurrency exchanges in the United States, Turkey, Spain, Canada, Germany, France and the United Kingdom.
A virus that evolves
This malware was first detected in June 2021, but stopped appearing for a while until it struck again in recent months.
To operate, The Godfather overlays real applications and, in this way, takes the data that users enter.
The method relies on Android's accessibility API, presented under the name Google Protect, through which the attackers manage to record videos, review people's clicks, take screenshots, take text messages, and trace calls.
The researchers discovered that the virus's network infrastructure has a domain and control address from another application; in addition, it takes the banking trojan Anubis as a base to improve its attack tools.
“Godfather developers also modified the Anubis traffic encryption algorithm, updated several functionalities such as the OTP of Google Authenticator and added a separate module to manage virtual network computing connections,” the researchers said.
This shows the malware's level of complexity: by improving its control protocols and communication capabilities, it has been able to spread to 16 countries.
How to avoid falling for these attacks
Given the advance of this type of malware, users must know exactly where they download the applications in which they provide personal data, especially those related to banks. The best alternative is to use the phones' official stores, such as the Google Play Store and the App Store.
But it is also essential to keep the cell phone updated so that it has all the available security patches provided by the manufacturer of the phone and the operating system.
It is also important to report any anomaly in the use of banking platforms and to stop any process in the event of a cyber attack report.
Other banking malware identified
Another virus that is also attacking banking applications is called Zombinder. In this case, cybercriminals use Wi-Fi connection authorization applications, such as those that appear in hotels or public networks, to invite victims to download a supposed official platform that allows the connection to be established.
By installing the app on the cell phone, the malware has the ability to carry out different attacks such as stealing emails, verification codes, credentials, and the phrases that protect cryptocurrency wallets.
The virus is hidden in ‘zombie’ applications, hence its name. These platforms are not of any use to the user, but they do take care of infecting the device, even with third-party malware.