Android Trojan Targets 400 Crypto and Finance Apps

Thursday, 22/12/2022 | 14:36 GMT by Damian Chmiel
  • Malware impersonates popular apps of banks, wallets and crypto exchanges.
  • It is most active in the US and Turkey.
JP Morgan

Users of popular banking and cryptocurrency apps for Android mobile devices should exercise extreme caution, warns Group-IB, a cybersecurity services provider. The GodFather, an Android banking trojan, has already infected over 400 apps worldwide.

Android Trojan Software Affecting Upwards of 16 Countries, 110 Crypto Platforms

The software is currently attacking users in 16 different countries. Confirmed infections include 215 banking apps, 94 cryptocurrency wallets and 110 crypto exchange platforms. The most documented cases of trojan activity were discovered in the United States, Turkey, Spain, Canada, France, Germany and the UK.

The trojan displays fake versions of popular financial and cryptocurrency applications on infected mobile devices. Unaware users provide fraudsters with sensitive personal data and face a heightened risk of losing their funds. In addition, GodFather allows hackers to record the screen of the victim's device, launch keyloggers, send SMS from an infected smartphone or tablet and bypass two-factor authentication.

"The emergence of Godfather underscores the ability of threat actors to edit and update their tools to maintain their effectiveness in spite of efforts by malware detection and prevention providers to update their products. Malicious actors can return to the source code, update out-of-date malware types, and in many ways, make them even more dangerous. With a tool like Godfather, threat actors are limited only by their ability to create convincing web fakes for a particular application," Artem Grischenko, a Junior Malware Analyst at Group-IB, commented.

According to the Group-IB findings, the malware code has interesting functionality that prevents it from attacking users from Russian-speaking and former Soviet Union countries. It may suggest that the creators of GodFather are from Russia or one of the ex-Soviet states.

Crypto Hackers Stole $3b in 2022

Although the price of popular cryptos is falling this year, the digital assets industry is still extremely popular among hackers. According to Chainalysis, the blockchain analytics company, traders and investors have lost over $3 billion to bad actors in 2022.

The largest attack in 2022 took place in March when more than $620 million in USDC and ETH was stolen from Ronin Network. Meanwhile, another hacker exploited a bug in the Wormhole protocol in February and stole $320 million in wrapped ETH.

Users of popular banking and cryptocurrency apps for Android mobile devices should exercise extreme caution, warns Group-IB, a cybersecurity services provider. The GodFather, an Android banking trojan, has already infected over 400 apps worldwide.

Android Trojan Software Affecting Upwards of 16 Countries, 110 Crypto Platforms

The software is currently attacking users in 16 different countries. Confirmed infections include 215 banking apps, 94 cryptocurrency wallets and 110 crypto exchange platforms. The most documented cases of trojan activity were discovered in the United States, Turkey, Spain, Canada, France, Germany and the UK.

The trojan displays fake versions of popular financial and cryptocurrency applications on infected mobile devices. Unaware users provide fraudsters with sensitive personal data and face a heightened risk of losing their funds. In addition, GodFather allows hackers to record the screen of the victim's device, launch keyloggers, send SMS from an infected smartphone or tablet and bypass two-factor authentication.

"The emergence of Godfather underscores the ability of threat actors to edit and update their tools to maintain their effectiveness in spite of efforts by malware detection and prevention providers to update their products. Malicious actors can return to the source code, update out-of-date malware types, and in many ways, make them even more dangerous. With a tool like Godfather, threat actors are limited only by their ability to create convincing web fakes for a particular application," Artem Grischenko, a Junior Malware Analyst at Group-IB, commented.

According to the Group-IB findings, the malware code has interesting functionality that prevents it from attacking users from Russian-speaking and former Soviet Union countries. It may suggest that the creators of GodFather are from Russia or one of the ex-Soviet states.

Crypto Hackers Stole $3b in 2022

Although the price of popular cryptos is falling this year, the digital assets industry is still extremely popular among hackers. According to Chainalysis, the blockchain analytics company, traders and investors have lost over $3 billion to bad actors in 2022.

The largest attack in 2022 took place in March when more than $620 million in USDC and ETH was stolen from Ronin Network. Meanwhile, another hacker exploited a bug in the Wormhole protocol in February and stole $320 million in wrapped ETH.

About the Author: Damian Chmiel
Damian Chmiel
  • 1979 Articles
  • 47 Followers
About the Author: Damian Chmiel
Damian's adventure with financial markets began at the Cracow University of Economics, where he obtained his MA in finance and accounting. Starting from the retail trader perspective, he collaborated with brokerage houses and financial portals in Poland as an independent editor and content manager. His adventure with Finance Magnates began in 2016, where he is working as a business intelligence analyst.
  • 1979 Articles
  • 47 Followers

More from the Author

CryptoCurrency

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}