Malware infects applications and devices by impersonating them Google ProtectA protective tool Android.

Troy is known as godfather or godfather and is in over 400 applications Google Play StoreAccording to an investigation by The Hacker News.

Infected platforms include 215 international banks, 94 cryptocurrency wallets and 110 cryptocurrency exchanges United States, Turkey, Spain, Canada, Germany, France and Great Britain.

You may be interested in:

A virus that evolves

This malware was first discovered in June 2021, but stopped appearing for a while before resurfacing in recent months.

In order to function, Godfather overlays real applications and in this way receives the data that users enter.

The methodology that is implemented is through the Accessibility API Android call Google ProtectWhere they are able to record videos, track people’s clicks, take screenshots, track text messages and calls.

The researchers discovered that the network infrastructure of the virus has a domain address and control from another application; In addition, take banking Trojans Anubis as a base to improve their offensive tools.

“The Godfather developers have also modified the Anubis traffic encryption algorithm, updating several features such as OTP Google Authenticator and added a separate module to manage virtual network computing connections,” the researchers said.

The above shows the level of sophistication the malware has with its protocols and improved communication capabilities for control, which allowed it to spread to 16 countries.

You may be interested in:

How to avoid these attacks

Given the advancement of this type of malware, users should be very aware of where they download apps that provide personal data, especially banking-related ones. The best alternative is to go to official stores for similar phones Google Play Store i Application store.

But it is also necessary to update the mobile phone so that it has all available security patches provided by the phone manufacturer and operating system.

In addition, reporting any anomalies in the use of banking platforms and suspending any process in case of reporting a cyber attack.

Another banking malware has been identified

Another virus that also attacks banking applications is the so-called Zombinder. In this case, cybercriminals use Wi-Fi connection authorization applications, such as those that appear in hotels or public networks, to invite victims to download a supposedly official platform that allows a connection to be established.

By installing the application on the mobile phone, the malware has the ability to carry out various attacks such as email Steal mail, verification codes, credentials, and phrases that protect cryptocurrency wallets.

The virus hides in “zombie” applications, hence its name. These platforms are useless to the user, but they infect the device, even with third-party malware.

Continue reading: