
Warning: This Android Malware can steal your banking credentials from your smartphone

A new Android banking malware known as “Godfather” has been identified by experts at Cyble, Group-IB, and ThreatFabric. The malware is reported to have affected users in over 16 countries. It is suspected to be the successor of Anubis, a banking trojan that was widely used by hackers.

According to the reports, the Godfather Android banking malware has stolen account credentials from around 400 online banking sites as well as cryptocurrency exchanges. The malware mimics the login screens shown by banking and cryptocurrency exchange apps. As soon as the user enters login details, the information is submitted to the hacker instead of the official website.

Godfather was identified by ThreatFabric in 2021. According to recent reports by Cyble, the malware now contains extensive code changes. These changes enable it to bypass recent Android security measures. As soon as the malware identifies the affected endpoint and detects that the app language is Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik, it shuts down. This might be because the malware developers are thought to be Russian.

As of now, the actual number of affected devices is not known, since the Play Store is not the only location from where the credentials have been stolen. In addition, one app masquerades as MYT Müzik. It has around 10,000 downloads. When the app is downloaded, it requests permission for Google Protect and Accessibility Services.

As soon as the permission request is accepted, the app gains access to the user’s SMS and notifications and begins recording the screen. It also collects call lists, contacts, and more. Almost 215 banking apps have been affected by the Godfather Android malware. Most of the apps are based in the following regions: the USA (49), Germany (19), Turkey (31), France (20), Spain (30), Canada (22), and the UK (17). In addition, Godfather has affected 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.
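
For readers who want to check a device for the permission combination described above (Accessibility access together with notification and SMS access), here is an added example that is not from the original article or from any of the vendors it cites. It parses the output of `adb shell settings get secure enabled_accessibility_services` and `enabled_notification_listeners`; all package names, the SMS inventory and the allowlist are constructed assumptions.

```python
# Added example: triage of Android secure-settings values for the capability
# combination the article describes. All sample values below are constructed.

# On a real device these strings would come from:
#   adb shell settings get secure enabled_accessibility_services
#   adb shell settings get secure enabled_notification_listeners
SAMPLE_ACCESSIBILITY = ("com.example.musicplayer/.ProtectService:"
                        "com.example.screenreader/com.example.screenreader.Reader")
SAMPLE_NOTIF_LISTENERS = "com.example.musicplayer/.NotifyListener:com.example.launcher/.Badges"
# Packages granted SMS permissions (hypothetical inventory, collected separately).
SAMPLE_SMS_PACKAGES = {"com.example.musicplayer", "com.example.messages"}
# Packages the owner expects to hold accessibility access (assumption).
ALLOWLIST = {"com.example.screenreader"}


def packages_from_components(setting_value):
    """Extract package names from a colon-separated 'package/class' list."""
    if not setting_value or setting_value.strip() == "null":  # unset setting
        return set()
    pkgs = set()
    for component in setting_value.strip().split(":"):
        pkg = component.split("/", 1)[0].strip()
        if pkg:
            pkgs.add(pkg)
    return pkgs


def triage(accessibility, listeners, sms_packages, allowlist):
    """Map each non-allowlisted package to the sensitive capabilities it holds."""
    acc = packages_from_components(accessibility)
    notif = packages_from_components(listeners)
    findings = {}
    for pkg in sorted((acc | notif) - set(allowlist)):
        caps = []
        if pkg in acc:
            caps.append("accessibility")
        if pkg in notif:
            caps.append("notifications")
        if pkg in sms_packages:
            caps.append("sms")
        findings[pkg] = caps
    return findings


def high_risk(findings):
    """Packages with accessibility access plus at least one other capability."""
    return [p for p, caps in findings.items() if "accessibility" in caps and len(caps) >= 2]


if __name__ == "__main__":
    result = triage(SAMPLE_ACCESSIBILITY, SAMPLE_NOTIF_LISTENERS, SAMPLE_SMS_PACKAGES, ALLOWLIST)
    for pkg in high_risk(result):
        print(f"review {pkg}: {', '.join(result[pkg])}")
```

A flagged package is a prompt for manual review, not proof of infection; legitimate assistive apps also hold these capabilities.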