Alert, Galaxy A54 and Galaxy S23 series deals available! | Follow SamMobile on Google News now!

SamMobile has affiliate and sponsored partnerships. If you buy something through one of these links, we may earn a commission. Learn more.

Beware of this Android malware that steals banking credentials from your phone

General
By 

Last updated: December 23rd, 2022 at 12:46 UTC+01:00

Update: A Google spokesperson has reached out with the following comment: “Google Play Protect checks Android devices with Google Play Services for potentially harmful apps from other sources. Users are protected by Google Play Protect, which blocks these identified malicious apps on Android devices.”

Experts at Group-IB, ThreatFabric, and Cyble have found a new Android banking malware called “Godfather” that has targeted users in 16 countries. The banking malware is speculated to be the successor of Anubis, which itself was once a very widely-used banking trojan by hackers.

According to reports, the Godfather Android banking malware has been targeting users in 16 countries by stealing their account credentials for over 400 online banking sites and cryptocurrency exchanges. It can mask itself as the login screen on top of the banking and cryptocurrency exchange websites’ app login forums. When the user inputs his/her credentials, the information isn’t submitted to the official website but is submitted to the hackers.

ThreatFabric spotted the Godfather banking malware in 2021, but according to the latest report by Cyble, the malware has undergone massive code changes and can now bypass the latest Android security measures. When the malware detects the affected endpoint and determines that the app language is Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik, it shuts down. This is because the developers of this malware are believed to be of Russian origin.

The actual numbers of the infected devices aren’t known yet, because infection via the Play Store is not the only way this malware has stolen banking and crypto exchange information from users. However, thanks to Cyble, one of the infected apps masks itself as MYT Müzik and has over 10 million downloads. Once downloaded, the app asks for permissions such as Google Protect and Accessibility Services.

After the permissions are granted, the app takes over the victim’s SMS and notifications and starts recording the screen. It also extracts contacts, call lists, and more. The Godfather Android malware has targeted 215 banking apps, and most of them are located in the USA (49), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17). Other targets of the Godfather malware include 110 cryptocurrency exchange platforms and 94 cryptocurrency wallet apps.

myt-muzik

General AndroidCanadaFranceGermanyMalwarePlay StoreRussiaspainTurkeyUKUSA
Load 0 comments

You might also like

Galaxy A52s gets a new One UI 5.1 update in more markets

Galaxy A52s gets a new One UI 5.1 update in more markets

Samsung is finally getting serious about the One UI 5.1 update for the Galaxy A52s. Initially, the phone got One UI 5.1 in Korea at the beginning of March, but Samsung is now turning its attention to the Galaxy A52s in more markets. It is now bringing numerous new features and improvements to the Galaxy […]

  • By Mihai Matei
  • 3 hours ago
Samsung hacks photo booth to demonstrate the power of 200MP

Samsung hacks photo booth to demonstrate the power of 200MP

Samsung created a new clever marketing campaign to promote the Galaxy S23 flagship series, wherein the company used its powerful ISOCELL HP2 200MP sensor for a candid camera moment. The company hacked a photo booth with its 200MP image sensor and prepared a huge surprise — quite literally — for the people who stepped inside […]

  • By Mihai Matei
  • 6 hours ago
Galaxy A01 gets the March 2023 security update in the US

Galaxy A01 gets the March 2023 security update in the US

Samsung is releasing its latest software update to many old low-end and mid-range devices. The latest device from the company’s stable to get the new update is the Galaxy A01. Released in late 2019, the affordable smartphone has now started getting the March 2023 security update. The latest software update for the Galaxy A01 bumps […]

  • By Asif Iqbal Shaik
  • 10 hours ago
Galaxy Note 10 is getting February 2023 security update one month late in the US

Galaxy Note 10 is getting February 2023 security update one month late in the US

Last month, Samsung released the February 2023 security update to the Galaxy Note 10 series. However, the US versions of the phones in the Galaxy Note 10 lineup are getting that update now, which means the update is more than one month late. The carrier-locked versions of the Galaxy Note 10 and Galaxy Note 10+ […]

  • By Asif Iqbal Shaik
  • 11 hours ago
As Vodafone shuts down RCS in the UK, Samsung Messages to get RCS support soon

As Vodafone shuts down RCS in the UK, Samsung Messages to get RCS support soon

Vodafone has announced that it is pulling the plug on its own RCS messaging support in the UK. An alert is already going out to the customers that the RCS messaging support will shut down between March 15 and March 31, 2023. According to some users, a message delivered by Vodafone tells the customers that the […]

  • By Sagar Naresh
  • 12 hours ago
Galaxy A03 Core is finally getting a long-awaited OS upgrade

Galaxy A03 Core is finally getting a long-awaited OS upgrade

We haven’t heard much about Android 12 lately because, for the most part, Samsung closed that chapter and is now focusing on distributing One UI 5.1 to more Galaxy phones and tablets. But today, the almost endless string of One UI 5.1 news got interrupted by Android 12 because the latter version is now rolling […]

  • By Mihai Matei
  • 1 day ago