A virus of Smartphones Android sophisticated he was uncovered recently by the cybersecurity company Zimperium Zlabs, that the detailed.
THE malware was called Godfather (“Padrinho”, in Portuguese), original title of the famous film “The Powerful Boss“, Starring Marlon Brando and directed by Francis Ford Coppola. This virus acts, in particular, against financial appsaiming acquire information bank accounts to access them.
How the new Android smartphone virus attacks you
- The way Godfather attacks users is very complex. Viruses of this type use False login screens or techniques for credential extraction;
- In the case of the new virus, it is hidden in Apks (Android executables, similar to Windows .exe files) that are installed outside the official application stores, such as Google Play Store;
- When the user installs the malicious app, it allows Godfather to download its other packages that allow it to act, and establish a connection online between the device and the criminals server;
- At the same time, he asks the user to grant him several Accessibility Permissionswhich are usually resources Useful and harmless. But in the case of Godfather, the idea is Get access to privilegesas reading screen content and texts typed on the virtual keyboard.
Read more:
To get all this, something important for malware is the process of virtualizationbecause the virus creates a Copy of bank data the victim in a virtual machine And when the user tries to open the bank’s app, malware Open the clone Created virtually.
In this virtualization, the app runs with the same interface of the original and even gives access to All available items. Only, in this clone, when he is running, the criminals can see and collect everything What is selected and entered, such as tokens, passwords and logins.
Even the unlock code or unlocking pattern of the smartphone screen It is open to theftbecause the bad guys put a fake Overlapping the original, so as to gain broader access to the phone.
But if the creation of an app clone doesn’t work, malware has another sleeve trick: the classic method of Login page overlayto catch even those who think they got rid of the advanced technique.
Who has been targeted?
So far, this attack is well directed, involving some financial institutions of the Türkiyebut have already been identified More than 480 vulnerable apps to Godfather, such as banks, fintechs and cryptocurrency brokers.
Despite being directed, with the eventual success of the coup, it is possible that he be explored in more countries And even, marketed with more cybercriminals, and may even variant from him.
Therefore, the warning is: Avoid installing apps outside the play store and keep an eye out In permissions given to applications, even if they have been officially downloaded and installed.
