BaFin warned about the new Godfather virus

Germany’s financial regulator BaFin has warned the public about the new Godfather virus. This is a virus for Android mobile phones that steals cryptocurrency app data.

According to the regulator, at the moment Godfather can steal data from about 400 banking and cryptocurrency applications, and not only German ones. The list includes applications from 200 banks, 100 cryptocurrency exchanges and 94 wallets.

The Godfather virus replaces the real applications and websites of banks and cryptocurrency platforms with its own pages. The user enters their passwords, the virus steals them, and the attackers transfer funds to their accounts. In addition, the virus can read SMS messages on the user’s phone, which allows hackers to bypass two-factor authentication.

Hackers have embedded Google Protect tool certificates into Godfather, so the virus can access the Accessibility settings on the phone. It is thus able to capture images from the phone screen, intercept all input data, and so on.

“It is not yet clear how exactly the malware got onto users’ smartphones,” the department said in a statement.

Most likely, cybercriminals distribute the virus under the guise of legitimate applications on Google Play. Some users may have downloaded the infected APK file to their smartphone on their own.

Interestingly, the virus does not work on phones where the main language is set to Uzbek, Russian, Azerbaijani, Kazakh, Kyrgyz, Armenian, Tajik, Belarusian or Moldovan.

In early December, it was reported that attacks were being carried out on cryptocurrency investors using groups in the Telegram messenger.

Source: Bits
