
Hundreds of banks and crypto exchanges have already been affected by the Godfather virus. This malware tries to obtain login credentials from Android devices and bypass two-factor authentication (2FA) through a fake app. Read more about how Godfather tries to loot your bank account and crypto wallet here.
The cybersecurity company Group-IB reports that the new Godfather virus has already claimed hundreds of victims among financial companies. These include banks, crypto exchanges and app providers of crypto wallets. Godfather is a so-called trojan horse and is hidden in (fake) apps from financial service providers. This virus has been active for some time, but the cybercriminals pass the trojan horse on from time to time and have been much more active lately.
Godfather method
The cybercriminals behind Godfather are cunning: the Godfather virus infects users by displaying fake websites of popular banking and cryptocurrency applications and stealing their credentials. First, the appearance of the applications is copied. Then, if you open such an app on an infected device, you do not get the real app, but an identical-looking web version.
According to the German financial authority BaFin, it has yet to be determined exactly how the virus attacks users’ devices. It is known that the virus sends push notifications to get two-factor authentication credentials. This information allows cybercriminals to gain access to customers’ accounts and wallets.
400 banks and crypto exchanges
According to BaFin, the new malware targets about 400 banking and cryptocurrency applications and has already infected at least 419 companies in 16 countries.
Source: Group-IB
50.9% of these are ‘ordinary’ financial institutions such as banks, including 143 in Europe, mainly in Spain, France, Germany, Italy and Turkey. But one of the affected banks is said to be Dutch, although we do not yet know which bank this is exactly.
Furthermore, at least 94 app providers of crypto wallets and 110 crypto exchanges have been affected. Unfortunately, we also do not know which duplicate apps are in circulation for these companies. We will keep you informed.