Forbes

Godfather Is A Risk To Android Users Worldwide As 500 Apps Targeted

N.Thompson, 1 hr ago

New threat intelligence analysis has confirmed that a new version of the Godfather banking trojan is targeting in excess of 500 Android banking and cryptocurrency apps as part of a global threat campaign. Here's what is known so far and how you can mitigate the Godfather risk.

Android Users Warned That The Godfather Wants To Make A Malware Offer You Can't Refuse

The latest analysis by security researchers working at the Cyble Research and Intelligence Labs has identified a brand new variant of a particularly dangerous Android malware family known as Godfather.

The analysis has confirmed that the malware, a trojan that targets Android banking and cryptocurrency apps, has spread from an initial geographical base of the U.S., U.K., and Europe to include Azerbaijan, Greece, Japan and Singapore.

It also appears that the threat actors behind the Godfather malware have now transitioned away from the use of Java to a new native code implementation that relies heavily upon Android's accessibility services to execute the credential-stealing phase of the attack on targeted apps.

If all that wasn't bad enough, the mafioso malware can now even mimic user actions on infected Android devices with new gesture automation commands.

How The Mafioso Malware Delivers The Godfather's Malicious Message To Android Users

Given the sheer number of articles around at the moment warning users of all operating system platforms about the danger of ongoing phishing campaigns, it should come as no surprise that social engineering is at the heart of the initial Godfather malware attack.

The Cyble Research and Intelligence Labs analysts identified a site, for example, purporting to be the official MyGov website of the Australian Government distributing a file linked to the Godfather malware. The threat actors even make use of a visitor counter to keep track of the numbers being duped so as to shape their ongoing attack strategy.

Once the malicious app is downloaded, it sends details of installed applications, language and SIM to a control server. If the user attempts to interact with any targeted Android application, the Godfather closes that app down and loads a fake bank or crypto URL instead using WebView. "Rather than launching the legitimate application," the security researchers said, "the malware activates itself and loads a phishing page to steal banking credentials."
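Because this variant arrives as a download from a lookalike site and leans on Android's accessibility services, one defensive check is to list which apps hold an enabled accessibility service and where each was installed from. The following is an added example, not code from the article or from Cyble's analysis; it assumes text captured with `adb shell settings get secure enabled_accessibility_services` and `adb shell pm list packages -i`, and the sample data and the `com.example.*` package names are constructed.

```python
# Added example: flag enabled accessibility services from untrusted install sources.
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: only Google Play is trusted

# Constructed output of: adb shell settings get secure enabled_accessibility_services
SAMPLE_SERVICES = (
    "com.google.android.marvin.talkback/.TalkBackService:"
    "com.example.musicplayer/com.example.musicplayer.core.A11yService"
)

# Constructed output of: adb shell pm list packages -i
SAMPLE_PACKAGES = """\
package:com.google.android.marvin.talkback  installer=com.android.vending
package:com.example.musicplayer  installer=null
package:com.example.bank  installer=com.android.vending
"""

def parse_services(setting_value):
    """Return (package, service_class) pairs from the colon-separated setting."""
    pairs = []
    for entry in setting_value.strip().split(":"):
        if entry and entry != "null":  # "null" means no service is enabled
            package, _, cls = entry.partition("/")
            if cls.startswith("."):  # shorthand: class name relative to the package
                cls = package + cls
            pairs.append((package, cls))
    return pairs

def parse_installers(pm_output):
    """Map package name -> installer package (None when unknown or sideloaded)."""
    installers = {}
    for line in pm_output.splitlines():
        if line.startswith("package:"):
            name, _, installer = line[len("package:"):].partition("installer=")
            installer = installer.strip()
            installers[name.strip()] = None if installer in ("", "null") else installer
    return installers

def flag_untrusted_services(setting_value, pm_output, trusted=TRUSTED_INSTALLERS):
    """List accessibility services whose package did not come from a trusted store."""
    installers = parse_installers(pm_output)
    return [
        (pkg, cls, installers.get(pkg))
        for pkg, cls in parse_services(setting_value)
        if installers.get(pkg) not in trusted
    ]

if __name__ == "__main__":
    for pkg, cls, src in flag_untrusted_services(SAMPLE_SERVICES, SAMPLE_PACKAGES):
        print(f"REVIEW {pkg} ({cls}) installer={src or 'unknown/sideloaded'}")
```

A flagged entry is a prompt for review, not a verdict: legitimate sideloaded accessibility tools will appear here too.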

The Godfather Is A Dangerous And Adaptable Threat To Android Users

This latest iteration in the Godfather malware series illustrates just how dangerous and adaptable mobile threats have become. "By moving to native code and using fewer permissions," the researchers said, "the attackers have made Godfather harder to analyze and better at stealing sensitive information from banking and cryptocurrency apps." Now that it targets more Android apps across more countries, the Godfather has proven it is truly an evolving risk to users worldwide.
