A new, stealthier version of the GodFather malware targets 500 banking and cryptocurrency applications using proprietary code and fake login URLs.
Among the changes are the abandonment of traditional overlay attacks and the use of fake login URLs downloaded via phishing pages. This variant has expanded its target area to include Japan, Singapore, Greece and Azerbaijan, in addition to already known target countries such as the US, Turkey and Italy. The malware uses accessibility services to automate actions on infected devices and mimic user actions to steal data.
Like similar malware, GodFather poses a serious threat to the security of mobile applications, especially financial ones. Such malware often uses fake login pages and fake apps to trick users into entering sensitive data. Cyble was able to identify GodFather on a phishing site that pretended to be the official Australian government MyGov site, another example of the attackers’ sophisticated tactics. Researchers recommend downloading applications only from official stores, regularly updating software, and using antivirus and multi-factor authentication.
A new variant of the GodFather malware highlights the growing threat to mobile app users, especially in the financial sector. The expanded geography of attacks and the new methods make it more dangerous and require users to be more vigilant.