Android Trojan: Godfather grabs data from banking apps

A new Android Trojan called Godfather is making the rounds, posing a huge security risk. Over 400 banking and crypto apps are affected.

Android Trojan Godfather targets banking apps

Android users beware, because with Godfather, a new Trojan is circulating that targeted over 400 international banking apps between June 2021 and October 2022 alone, and that in various countries, even Germany is among the targets, according to the warning from security experts.

It becomes particularly dangerous because the Trojan uses cloaked apps. According to security company Group-IB, Godfather builds on the Anubis malware program and targets 215 international banks, 94 crypto wallets and 110 crypto trading platforms. Providers from the US, Turkey, Spain, Germany or France are affected.

In Germany, a total of 19 companies from the financial sector are affected, but names are not mentioned in the security warning.

Besides Russia, however, other states from the former Soviet Union are also left out of the loop, with a feature in the source code not covering their language. It would be conceivable that the developers are from these regions.

Why is Godfather so dangerous?

You get Godfather on your device via unsafe apps in the Google Play Store, which bypass Google’s security scans. In doing so, the Trojan produces fake queries that are displayed when you interact with a fake notification or try to open one of the affected apps.

In the process, Godfather can log all inputs and read SMS and push notifications, thus bypassing two-factor authentications without you noticing unless you are familiar with the matter.

This is apparently how fake websites are layered right on top of regular banking and crypto apps, which transmit data to the criminals when you log in.

How to protect yourself from Godfather banking Trojan

To protect yourself from Godfather, you should generally not open any suspicious email attachments or links and only install apps from trusted sources.

It is also advisable to always keep your mobile devices as up-to-date as possible via updates and to always check their permissions before installing apps. The “AccessibilityService” is particularly important here – the input assistance service, as it is called in German, is used by Godfather and many other Trojans or malware programs.