Trojan horse the godfatherwas used in attacks targeting Turkey as well. Group-IB’s Threat Intelligence team detected this.
The statement about this remarkable pest by the Threat Intelligence team of security research company Group-IB was as follows: “Group-IB is currently the leader in cybercriminals in 16 countries. used by banking and crypto exchange applications to attack their users.presented its findings on the Godfather, the banking trojan running on the Android platform. The Godfather’s ability to create convincing fake websites when the user tries to open the targeted app and display them on top of the app on the screen of the leaked device has so far targeted users of more than 400 apps.
With this method, malicious people using Godfather try to steal victims’ login information, as well as bypass two-factor authentication to access victims’ accounts and withdraw their money. Group-IB’s Threat Intelligence team, in their investigation of this new Android trojan, said the Godfather’s functionality was limited by Android updates and past efforts by malware detection and blocking solution providers; discovered that it is a new version of the widely used banking trojan Anubis. Now the Godfather is on the scene and its use is increasing day by day.”
YOU MAY BE INTERESTED
According to the statement As of October 2022, 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms were targets of the Godfather. In addition, the trojan focuses on a wide geography, because many users in more than a dozen different countries are in danger of having their login information stolen by malicious parties. According to Group-IB’s findings, the most targeted banking applications with the said trojan are the United States (49 companies), in Turkey (31)Spain (30), Canada (22), France (20), Germany (19) and the United Kingdom (17).
According to the company statement The Godfather’s functions include:
- -Record the screen of the victim’s device
- – Establishing VNC connections
- -Keylogger operation
- -Secretly send push notifications elsewhere (to bypass two-factor authentication); Earlier versions of the trojan also secretly sent SMS messages elsewhere.
- -Call forwarding (to bypass two factor authentication)
- -Sending USSD requests
- -Send SMS messages from infected devices
- -Open a proxy server
- -Setting up Websocket connections (Added in new version of Godfather September 2022)