Experts from the US mobile security research firm Zimperium have discovered a type of malware targeting the Android platform, called “Godfather”, capable of creating an isolated virtual environment on mobile devices to steal account login information and take control of banking and financial applications on the device.
The Godfather malware was first detected in 2021, but the newly discovered version has become more sophisticated and more difficult to identify.
The Godfather malware is spread through .apk files (application installation files) on the Android platform. Once a user accidentally installs an application containing this malware, Godfather silently scans the victim's device to check whether banking, financial, e-wallet or digital wallet applications are installed.
Once it detects a target application, the Godfather malware places that application into a virtualized environment it creates.

Banking applications are controlled by the Godfather malware in a virtual environment in order to steal login information and appropriate assets (Photo: Zimperium).
When users open banking, financial or e-wallet applications on their smartphones, these target applications are actually running in a virtualized environment controlled by Godfather, instead of running directly on the smartphone.
Users still see the real interface of the banking or e-wallet application, but in fact these applications are controlled by the Godfather malware. The malware can record the user's bank account login information, the user's screen touches and the responses from the bank's server.
The Godfather malware collects the banking application login information and sends it to an external server controlled by the hackers.
After obtaining the login information for the bank account or e-wallet, the hackers wait for the user to unlock the smartphone. They then activate fake interfaces, such as application update notifications or black screens, to hide the fact that they are silently opening and logging into financial applications to steal the user's assets.
Zimperium experts said the Godfather malware is targeting 500 banking, cryptocurrency, and e-commerce apps worldwide, but is primarily targeting banks in Turkey.
Zimperium believes that the hackers behind this malware could use this method to attack any bank in any country they target.
To protect yourself from the Godfather malware in particular and malicious applications in general, smartphone users should only download and install applications from trusted sources. Absolutely do not download and install applications from .apk files found on the Internet or from unknown sources.
In addition, users should never open attachments sent by strangers in emails or messaging applications (this advice applies to both computer and smartphone users), and should not click on advertisements with attractive content, so as not to accidentally install malware on the device.
Source: https://dantri.com.vn/cong-nghe/canh-bao-ma-doc-nham-den-hang-tram-ung-dung-ngan-hang-tren-toan-cau-20250625143612156.htm