GodFather Android Malware Targets 400 Banks, Crypto Exchanges

An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. From a report: The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.

The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defenses. ThreatFabric first discovered Godfather in March 2021, but it has undergone massive code upgrades and improvements since then. Also, Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play.

OK, so...

[drinkypoo]

Where's the list of institutions targeted? It wasn't immediately obvious from the linked article, or the article linked from that either

Re:

[rotorbudd]

Looks like even if the institution isn't on the list it will use a logger to get info. So, the victim is screwed either way

Re:

[fbobraga]

it's a FUD article...

Permissions

[The-Ixian]

Wouldn't the app need special permission for overlaying a UI?

The overlay permission is one of those special permissions that you have to jump through hoops to allow, it's not just a simple "single press" interaction, at least on my Pixel 6.

Re:

[devslash0]

In my experience the general public is not aware of what most permissions mean and bindly accept anything presented in front of them.

Does android power web sites?

[fredrated]

I thought it was just a phone os.