A new malware has been going around which is targeting both centralized banks as well as crypto exchanges in equal measure. This malware is being referred to as the Godfather, and it can take both bank accounts and crypto exchange accounts thereby putting user funds in serious jeopardy. The Godfather malware has been targeting hundreds of entities across the world, with 400 in total being impacted by it so far.
With all of that having been said and now out of the way, it is important to note that its targets are spread rather evenly across a few different countries. 49 of its targets were based in the US, 31 were in Turkey, 30 in Spain, 22 in Canada, 20 in France, 19 in Germany and 17 in the UK. An interesting fact about this malware is that it shuts itself down if it detects certain languages that are being used in the device.
These languages include Russian, Armenian, Bulgarian and many more that come from countries which are within Russia’s sphere of influence. This lends a lot of credence to the notion that this malware is Russian in origin, or at the very least comes from a malicious actor based in a country sympathetic to Russia’s cause.
One the apps found to contain this malware has been downloaded over 10 million times, so it has clearly had a while to develop its base of victims while it was still in the wild. Researchers have not even been able to find the main source of infection, with only minor Google app channels being noted so far.
That suggests that the malware may be even more prevalent than we currently know. Malware such as this one can do more damage than might have been the case otherwise if it is operating undetected, so until the main channel of infection is discovered it will still pose a significant threat to most users.
The malware also imitates Google Protect which allows it to gain access to the Accessibility Service. This gives it widespread control over the device as well as your personal financial accounts.
H/T: Group-ib / Cyble
Read next: The Cyber-Security market has grown despite the challenges it faced within the economy
With all of that having been said and now out of the way, it is important to note that its targets are spread rather evenly across a few different countries. 49 of its targets were based in the US, 31 were in Turkey, 30 in Spain, 22 in Canada, 20 in France, 19 in Germany and 17 in the UK. An interesting fact about this malware is that it shuts itself down if it detects certain languages that are being used in the device.
These languages include Russian, Armenian, Bulgarian and many more that come from countries which are within Russia’s sphere of influence. This lends a lot of credence to the notion that this malware is Russian in origin, or at the very least comes from a malicious actor based in a country sympathetic to Russia’s cause.
One the apps found to contain this malware has been downloaded over 10 million times, so it has clearly had a while to develop its base of victims while it was still in the wild. Researchers have not even been able to find the main source of infection, with only minor Google app channels being noted so far.
That suggests that the malware may be even more prevalent than we currently know. Malware such as this one can do more damage than might have been the case otherwise if it is operating undetected, so until the main channel of infection is discovered it will still pose a significant threat to most users.
The malware also imitates Google Protect which allows it to gain access to the Accessibility Service. This gives it widespread control over the device as well as your personal financial accounts.
H/T: Group-ib / Cyble
Read next: The Cyber-Security market has grown despite the challenges it faced within the economy
