An Android banking malware named 'Godfather' has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges.
The malware generates login screens overlaid on top of the banking and crypto exchange apps' login forms when victims attempt to log in to the site, tricking the user into entering their credentials on well-crafted HTML phishing pages.
The Godfather trojan was discovered by Group-IB analysts, who believe it is the successor of Anubis, a once widely-used banking trojan that gradually fell out of use due to its inability to bypass newer Android defenses.
ThreatFabric first discovered Godfather
in March 2021, but it has undergone massive code upgrades and improvements since then.
Also,
Cyble published a report yesterday highlighting a rise in the activity of Godfather, pushing an app that mimics a popular music tool in Turkey, downloaded 10 million times via Google Play.
