Security researchers are issuing warnings about Godfather, an Android banking Trojan that has compromised users of over 400 applications.
According to Group-IB, cybercriminals are utilizing Godfather to focus on users of banking and cryptocurrency exchange apps across 16 countries. The Trojan employs deceptive techniques, generating realistic web overlays that appear on the screens of infected devices when a targeted app is launched.
This allows criminals to steal login credentials and circumvent two-factor authentication, enabling them to access accounts and deplete funds. As of October, Godfather has targeted 215 banks, 94 cryptocurrency wallet providers, and 110 crypto exchange platforms in countries such as the US, UK, Canada, and Turkey.
Group-IB also discovered that the Trojan’s code contains restrictions preventing it from attacking users who speak Russian or several languages used in former Soviet states.