Return of GodFather malware; targets bank customers

Security researchers warn in a blog post that the GodFather malware is back. GodFather is a notorious Android banking Trojan known for targeting bank users, especially in European countries. Currently, the Trojan probably targets Android users in Turkey via an app called MYT Müzik, which is written in Turkish.



Cyble Research & Intelligence Labs (CRIL) reported about this GodFather Android malware in a blog post in March 2022 and explained how it attacks Android banking users worldwide. Recently, CRIL identified several GodFather Android samples masquerading as the MYT application for Android.

The analyzed GodFather samples are encrypted with custom encryption techniques to evade detection by antivirus products. When installing this application on a test device, the security researchers noticed that the app uses an icon and name similar to those of a legitimate application called MYT Music. This legitimate app is hosted on Google Play Store and has more than 10 million downloads. The image below shows the icon and name of the malicious application on the Android device's screen.

MYT Müzik

Once successfully installed on the victim's device, the GodFather Android malware steals sensitive data such as SMS messages, basic device data (including data about installed apps), and the device's phone number. It can also control the device's screen via VNC, forward incoming calls on the victim's device, and inject banking URLs. Details of the analysis can be read on the Cyble blog in this post. There are also tips on how to avoid or detect infections.

