German authority issues warning over ‘Godfather’ malware attacks


Key Takeaways:

  • One hundred ten cryptocurrency exchange platforms and 94 cryptocurrency wallet apps were targeted by the “Godfather” malware.
  • BaFin stressed that roughly 400 banking and cryptocurrency apps, including those running in Germany, are targeted by the new virus.

A new financial malware that affects banking and cryptocurrency applications is spreading quickly, and financial officials in Germany are raising the alarm.

On January 9, Germany’s Federal Financial Supervisory Authority (BaFin) issued a formal statement alerting customers to “Godfather,” malware that harvests user data from banking and cryptocurrency apps.

BaFin stressed that roughly 400 banking and cryptocurrency apps, including those running in Germany, are targeted by the new virus. The Godfather malware steals victims’ login information by displaying fake websites that imitate popular banking and cryptocurrency apps.

The agency says that the malware’s attack vector has not yet been identified. Push notifications are a known method used by malware to obtain two-factor authentication codes. According to BaFin, “cybercriminals may be able to access consumers’ accounts and wallets with this data.”

Reports that Godfather affects Android phones and specifically targets individuals in 16 countries first emerged in December. Although Group-IB cybersecurity researchers say they discovered the Godfather trojan in 2021, the malware has recently seen significant growth in activity and changes to its code.

The largest share of the banking apps targeted by Godfather, close to 50% of them, are from the United States, according to Group-IB cybersecurity experts. Along with Turkey, Spain, and Canada, Germany is one of the nations most severely impacted. In addition, 110 cryptocurrency exchanges and 94 cryptocurrency wallet apps are known targets of the malware.

Furthermore, according to Group-IB’s assessment, the ‘Godfather’ malware code includes an intriguing feature that stops it from infecting people in nations that have a Russian-speaking population and were once part of the Soviet Union. According to the cybersecurity company, the virus’s creators are from Russia or an ex-Soviet country. Junior malware analyst Artem Grischenko of Group-IB stated:

“The emergence of Godfather underscores the ability of threat actors to edit and update their tools to maintain their effectiveness in spite of efforts by malware detection and prevention providers to update their products.”

One of the most common attacks on cryptocurrency apps in recent years has been cryptojacking. The cybersecurity research firm Kaspersky predicts that malware attacks will increase in 2023, as the year will likely be characterized by the “cyber epidemics with the highest impact.”
