The German Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, which infects Android smartphones. This Trojan horse allows hackers to obtain banking information and cryptocurrency application information through fake login pages.
The German financial policeman warns against the Godfather virus
The German financial policeman known as the Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, malware that attacks banking and cryptocurrency applications. The number of targeted applications would be 400.
However, there is relatively little information about how Godfather infects devices and the specific platforms it targets. When the device is infected, the virus would generate fake versions of the login pages for genuine applications. When a user tries to log in, the information will be passed on to hackers to steal the funds in the real accounts.
Notifications can also be sent to the victim’s device to invite him to enter your double authentication codeto also pick up the latter.
Last December, cyber security firm Group-IB had already warned about the subject and estimated that the Godfather virus would be operational since June 2021, and would be an improved version of the Trojan Anubiswho had a similar operation:
Group IBs #ThreatIntelligence discovered more than 400 international financial companies targeted by #Godfather #Android banking business #Trojan between June 2021 and October 2022. Godfather’s predecessor is another #bank Trojan’s name #Anubis:https://t.co/Kf2IGvrLnk pic.twitter.com/JERnAuNfAC
— Group-IB Global (@GroupIB_GIB) 21 December 2022
Godfather would target smartphones running on Androidwhose updates had just made it possible to fight Anubis.
👉 To go further – Find our guide to best practices to limit the risk of hacking
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
How to protect against it?
Unfortunately, there is no miracle recipe to eliminate the risk of your device becoming infected. However, Groupe IB noted that this could be done through download third party apps from play store. It is therefore necessary to be sure about the application you want to download.
Also note that a virus like Godfather could very well found in archives available for free on the webwhile the application it hosts is supposed to be paid.
In addition to two-factor authentications (2FA), it can be interesting add a physical validation mechanism on money-related apps. For example, YubiKeys from the Yubiko company plug into a USB port and serve as extra security when connecting to a service.
In addition to protecting wallets, Ledger hardware wallets can also fulfill this role, through the Fido U2F app. This allows you to validate a physical connection to access an account, an email address or certain social networks. This application is installed from Ledger Live:
Figure 1 – Fido U2F on Ledger Live
Some exchanges like Binance enable physical validation when withdrawing funds. To do this, go to the security settings:
Figure 2 – Security menu on Binance
Regarding two-factor authentication via email, more and more platforms also allow you to configure a keyword that will be recalled in the email. to make sure it’s not a phishing attempt. In general, caution when downloading an app is still the best advice.
👉 Also in the news – Balancer warns of a technical problem and asks to withdraw liquidity from certain pools
Advance the world of cryptocurrencies with Cryptoast experts 📘
Sources: BaFin, Images: Binance, Ledger Live
Receive a roundup of crypto news every Monday via email 👌
What you need to know about affiliate links. This page presents assets, products or services related to investments. Some links in this article are affiliate. This means that if you buy a product or register on a website from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investing in cryptocurrencies is risky. Cryptoast is not responsible for the quality of the products or services presented on this page and cannot be held responsible, directly or indirectly, for any damages or losses caused after the use of any product or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial means. This article does not constitute investment advice.
AMF recommendations. High returns are not guaranteed, a product with high return potential entails high risk. This risk-taking must be in line with your project, your investment horizon and your possibility of losing part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To continue, please read our financial situation, media transparency and legal notices pages.