Order the brand new: Galaxy S23 FE, Galaxy Buds FE or Galaxy SmartTag 2023! Smartphone of the year Galaxy S23 Ultra!

SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission.

Beware of this Android malware that steals banking credentials from your phone

General
By 

Last updated: December 23rd, 2022 at 12:46 UTC+01:00

Update: A Google spokesperson has reached out with the following comment: “Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources. Users are protected by Google Play Protect, which blocks these identified malicious apps on Android devices.”

Experts at Group-IB, ThreatFabric, and Cyble have found a new Android banking malware called “Godfather” that has targeted users in 16 countries. The banking malware is speculated to be the successor of Anubis, which itself was once a very widely-used banking trojan by hackers.

According to reports, the Godfather Android banking malware has been targeting users in 16 countries by stealing their account credentials for over 400 online banking sites and cryptocurrency exchanges. It can mask itself as the login screen on top of the banking and cryptocurrency exchange websites' app login forums. When the user inputs his/her credentials, the information isn't submitted to the official website but is submitted to the hackers.

ThreatFabric spotted the Godfather banking malware in 2021, but according to the latest report by Cyble, the malware has undergone massive code changes and can now bypass the latest Android security measures. When the malware detects the affected endpoint and determines that the app language is Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik, it shuts down. This is because the developers of this malware are believed to be of Russian origin.

The actual numbers of the infected devices aren't known yet, because infection via the Play Store is not the only way this malware has stolen banking and crypto exchange information from users. However, thanks to Cyble, one of the infected apps masks itself as MYT Müzik and has over 10 million downloads. Once downloaded, the app asks for permissions such as Google Protect and Accessibility Services.

After the permissions are granted, the app takes over the victim's SMS and notifications and starts recording the screen. It also extracts contacts, call lists, and more. The Godfather Android malware has targeted 215 banking apps, and most of them are located in the USA (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17). Other targets of the Godfather malware include 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.

myt-muzik

General AndroidCanadaFranceGermanyMalwarePlay StoreRussiaspainTurkeyUKUSA

You might also like

Samsung TV Plus gets three new channels from Blue Ant Media

Samsung TV Plus gets three new channels from Blue Ant Media

Samsung is bringing three new channels to its AVoD (Advertising Video on Demand) TV Plus platform. The company is expanding its partnership with Blue Ant Media through a multi-year agreement to launch three channels, including Homeful, HauntTV, and Love Pets, in several markets. Homeful is a TV channel focused on home renovation and design. Thanks […]

  • By Mihai Matei
  • 19 hours ago
Samsung might have a problem as Canon unveils 5nm chip tech

Samsung might have a problem as Canon unveils 5nm chip tech

Samsung Foundry and TSMC are the only firms in the world that can make advanced semiconductor chips using 7nm or better fabrication technologies. Both these firms buy ultra-expensive chip manufacturing equipment from ASML, a Netherlands-based firm that makes EUV lithography systems. However, a new player has now emerged in the chip fabrication equipment space: Canon. […]

  • By Asif Iqbal Shaik
  • 21 hours ago
Galaxy S23 gets October 2023 security update in the US

Galaxy S23 gets October 2023 security update in the US

Samsung has released the October 2023 security update to the factory-unlocked Galaxy S23 series phones in the US. The international variants of the phones received this update last week. This could be the last minor software update before the impending release of the stable Android 14 update that is expected to reach Galaxy S23 phones […]

  • By Asif Iqbal Shaik
  • 1 day ago
Galaxy S23 gets yet another Android 14 One UI 6.0 beta update

Galaxy S23 gets yet another Android 14 One UI 6.0 beta update

Are we being too optimistic in thinking the stable release of Android 14 and One UI 6.0 for the Galaxy S23 series is right around the corner? Probably, because it seems Samsung still isn't done fixing all the issues and has released yet another One UI 6.0 beta update for the Galaxy S23, S23+, and […]

  • By Abhijeet Mishra
  • 3 days ago
New Samsung video series wants to guide entrepreneurs to success

New Samsung video series wants to guide entrepreneurs to success

Samsung has launched a new YouTube video series from its SmartThings Home, located at its headquarters in the UK. The series, called 9 Minute Mentors, aims to teach the next generation of entrepreneurs about the value of time. Samsung UK & Ireland announced the new video series today. It's a three-part series, and the first […]

  • By Mihai Matei
  • 4 days ago
Galaxy S24 Ultra Snapdragon performance numbers finally revealed!

Galaxy S24 Ultra Snapdragon performance numbers finally revealed!

The Galaxy S24 Ultra is expected to exclusively use the Snapdragon 8 Gen 3 processor worldwide. While the chipset is yet to be unveiled, we may have the first look at its performance in CPU-bound tasks, thanks to the USA variant of the Galaxy S24 Ultra that was spotted in Geekbench's database. Galaxy S24 Ultra […]

  • By Asif Iqbal Shaik
  • 5 days ago