- Zimperium spots a new version of Godfather among Turkish Android users
- The new version creates a virtualized version of the legitimate banking app in a sandbox
- It can exfiltrate login credentials, PIN codes and unlock patterns
The infamous Godfather malware for Android phones is back with a vengeance, researchers are warning, targeting victims with an advanced build that makes it more dangerous than ever.
Cybersecurity researchers at Zimperium have claimed that an updated version of the notorious malware has been seen in the wild, and that it is even more dangerous because it simplifies things while also being better at evading detection.
Godfather is a banking trojan, used to steal money from people's bank accounts. The first variant worked as an overlay: it placed an invisible layer on top of legitimate banking apps. When victims opened their apps and started typing in their login credentials, these were picked up by the overlay and sent to the attackers, who would later log in to the app and withdraw cash.
Virtualization attack
The new version, however, ditches the overlay approach for something more frightening: creating a virtualized version of the app.
On compromised devices, the malware launches a virtual instance of the banking app inside a sandbox. This way, the malware does not need to ask for excessive permissions to commit wire fraud, and it means victims may not be able to trust even the legitimate apps they installed themselves.
Once a victim is infected, the malware first analyzes the installed apps and looks for a matching banking app.
If it finds one, it creates a virtualized version that launches whenever the victim tries to open the legitimate one.
In addition to stealing login credentials, Godfather can exfiltrate PIN codes and unlock patterns, and control the device remotely during off-hours (in the middle of the night, for example), making wire transfers while the victim is sleeping.
Zimperium says that it has only seen Godfather among Turkish Android users so far, but warned that the malware's operators could pivot west at any time, so banking users everywhere must be on their guard.
Through Tightness