Godfather, the Godfather of Trojans stealing credentials from 400 banking and financial apps


Every now and then we learn of the existence of a banking Trojan that targets banking apps and seeks to steal users' credentials by strategically hiding in Google Play.


Group-IB's threat intelligence team has identified a Trojan that attempts to steal this access data from more than 400 banking and cryptocurrency apps in 16 countries. They have dubbed this threat 'Godfather'.

According to the firm, Godfather works by generating web pages that replicate the look and feel of those of banks and cryptocurrency exchanges and overlaying them on the screens of infected devices when the user tries to open a targeted application.

Users reach these fraudulent web pages through malicious targeted notifications. The pages are also launched when the user opens some of the legitimate apps targeted by Godfather.

30 Spanish companies have been targeted

Specifically, the Trojan threatens customers of 30 organizations based in our country, 49 US-based entities, 31 companies based in Turkey, as well as financial service providers and cryptocurrency apps in Italy, Canada, France, Germany, the United Kingdom, Poland and other countries.

The developers used the Anubis source code as a base and modernized it for more recent versions of Android.

This malware appears to be linked to Russia. Its code includes functionality that prevents the Trojan from attacking users who speak Russian or one of the languages used in the former Soviet Union.

Godfather has been active since at least 2021, and in September of this year it received a major update. It is distributed through decoy apps hosted on Google Play, as is common with this type of threat.