Godfather malware is now hijacking legitimate banking apps — and you won’t see it coming

Green skull on smartphone screen. (Image credit: Shutterstock)

A notorious banking malware that targets the best Android phones has returned with new capabilities that make it even easier for hackers to siphon off your hard-earned cash.

As reported by Infosecurity Magazine, an updated version of the Godfather malware has been spotted online by the mobile security firm Zimperium.

Back when I first reported on this malware several years ago, it was being used by hackers to target popular banking and finance apps in countries around the world. At that time, Godfather primarily used overlay attacks to trick unsuspecting users into entering their usernames and passwords. These credentials were then used to log into their financial accounts to steal both cash and cryptocurrency.

Now though, the Godfather malware is back with a major upgrade that allows it to create virtualized versions of legitimate apps and commit fraud in real time.

Here’s everything you need to know about this new malware threat along with some tips and tricks on how you can keep your devices and financial accounts safe from hackers.

From overlays to virtualized apps

Person using mobile app for banking. (Image credit: Shutterstock)

Overlay attacks can definitely be convincing, and many Android users have fallen for them in the past. However, because they require copying a banking or crypto app’s user interface and branding perfectly, they are a lot of extra work for the attackers.

To appear more convincing while making things easier for hackers, Godfather now launches virtual instances of targeted apps from within a sandboxed environment on vulnerable Android smartphones. That way, instead of having to rely on potential victims enabling the necessary permissions, the malware can now essentially clone financial apps to more easily steal credentials from potential victims.

The implications are huge: with this new attack method, you can’t even trust the legitimate apps you have installed on your phone. Running the real app inside its own sandbox also helps the Godfather malware evade detection.

Before creating virtual versions of banking and financial apps, the malware first scans an infected device to see which apps a victim actually has on their smartphone. From there, it compares a user’s installed apps against a list of targeted apps. If one of the targeted apps is found, Godfather creates a virtualized version of it that launches when a user tries to run the legitimate app.

Depending on which banking or financial app is being targeted, the malware has several different methods for stealing a user’s credentials. At the same time, it’s also able to steal the PIN or unlock pattern for an Android smartphone. Unsurprisingly, Godfather does this by using a fake overlay that’s designed to mimic a user’s actual lock screen.

To make matters worse, this malware is also able to remotely control an infected device using a number of different commands. This lets the hackers behind this campaign commit real-time fraud on an infected device, often without the victim’s knowledge. For instance, with a phone’s PIN or unlock pattern, they could unlock the device while it’s in a victim’s pocket or charging overnight and steal their passwords and cash without anything seeming amiss.

How to stay safe from Android malware

A hand holding a phone securely logging in. (Image credit: Google)

Fortunately (at least for now), this upgraded version of the Godfather malware has only been used in attacks targeting Turkish Android users according to Zimperium’s report on the matter. However, this could easily change and the hackers behind this campaign could branch out to target users in other countries like the U.S., the U.K. or Canada.

As such, you’re going to want to take steps now to protect your Android smartphone and any banking or financial data it contains. The easiest way to stop Godfather and other Android malware strains in their tracks is to turn off an Android smartphone’s ability to install apps from unknown sources. This setting is disabled by default, but if you’ve turned it on, you’re going to want to turn it off right now.

Many malware strains use malicious apps as a means to gain entry to a vulnerable Android smartphone and Godfather is no different. You also want to be wary about files sent to you via email or on social media as they could also contain malware.

For this reason, you want to make sure that Google Play Protect is enabled on your smartphone as this pre-installed security app can scan all of your existing apps and any new ones you download for malware. If you want extra protection though, you can always run one of the best Android antivirus apps alongside it.

Another useful step you can take to stay safe is to limit the number of apps installed on your phone overall. Since even good apps can go bad, having too many apps on your phone puts you at greater risk. Besides deleting unused apps, you also want to ask yourself whether or not you really need a new app before installing it.
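The advice above boils down to one check: which apps on the phone did not come from a trusted store? Here is an added example (not the article’s or Zimperium’s code) that audits an Android device over adb for sideloaded packages; it assumes `adb` is installed and one device is connected for live use, and the trusted-installer list and sample output are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the article or Zimperium: audit an Android phone for
# sideloaded apps, the usual way droppers such as Godfather get installed.
# Live mode assumes `adb` and one connected device; parsing works offline on
# captured `pm list packages -i` lines: "package:<name>  installer=<pkg|null>".

# Installers treated as trusted app stores (assumption: add OEM stores here).
TRUSTED_INSTALLERS="com.android.vending"

# Read `pm list packages -i` text on stdin; print every package whose recorded
# installer is not a trusted store. "installer=null" means the APK was
# installed directly (browser download, adb, or another app).
flag_sideloaded() {
    while IFS= read -r line; do
        case "$line" in package:*) ;; *) continue ;; esac
        pkg=${line#package:}
        pkg=${pkg%%[[:space:]]*}
        installer=${line##*installer=}
        trusted=0
        for t in $TRUSTED_INSTALLERS; do
            [ "$installer" = "$t" ] && trusted=1
        done
        [ "$trusted" -eq 0 ] && printf '%s\n' "$pkg"
    done
    return 0
}

# Live audit: list third-party packages (-3) with installer, flag sideloaded
# ones, and show whether each may itself install further APKs (the per-app
# "install unknown apps" permission; the appops output format is adb's own).
audit_device() {
    adb shell pm list packages -3 -i | tr -d '\r' | flag_sideloaded |
    while IFS= read -r pkg; do
        printf '%s: not from a trusted store; ' "$pkg"
        adb shell appops get "$pkg" REQUEST_INSTALL_PACKAGES | tr -d '\r'
    done
}

# Constructed sample of `pm list packages -3 -i` output for offline use.
SAMPLE='package:com.example.bank  installer=com.android.vending
package:com.example.sideloaded  installer=null
package:com.example.browser  installer=com.android.vending
package:com.example.dropper  installer=com.example.sideloaded'

if [ "${1:-}" = "--live" ]; then
    audit_device
else
    printf '%s\n' "$SAMPLE" | flag_sideloaded
fi
```

Run with `--live` against a connected phone to see the real list; anything flagged is worth uninstalling unless you know exactly where it came from.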

Banking malware is dangerous enough on its own, but now that Godfather can create virtualized copies of legitimate Android banking and financial apps, we could soon see other malware strains implementing this capability too. Thankfully, Google always tries to stay one step ahead of hackers and often updates Android to prevent these kinds of attacks from being possible in the first place. This is why you should always update your Android smartphone as soon as new software becomes available. And if your phone isn’t receiving updates anymore, then it’s certainly time for an upgrade.

Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 