An Android banking trojan known as GodFather is being used to target users of more than 400 banking and cryptocurrency apps spanning 16 countries.
This includes 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms serving users in the U.S., Turkey, Spain, Italy, and Canada, among others, Singapore-headquartered Group-IB said in a report shared with The Hacker News.
The malware, like many financial trojans targeting the Android ecosystem, attempts to steal user credentials by generating convincing overlay screens (aka web fakes) that are served atop target applications.
First detected by Group-IB in June 2021 and publicly disclosed by ThreatFabric in March 2022, GodFather also packs in native backdoor features that allow it to abuse Android’s Accessibility APIs to record videos, log keystrokes, capture screenshots, and harvest SMS and call logs.