- The ‘Godfather’ software makes a duplicate of a banking or cryptocurrency platform login screen in order to steal money.
- The spyware reportedly targeted 400 banking and cryptocurrency apps.
A new financial malware, named “Godfather,” which affects banking and cryptocurrency applications, is spreading quickly in Germany, and financial officials are raising the alarm.
On 9 January, Germany’s Federal Financial Supervisory Authority (BaFin) issued a formal statement alerting customers to the malware that harvests user data from banking and cryptocurrency apps.
BaFin stressed that, as of press time, the malware had targeted roughly 400 banking and cryptocurrency apps. The Godfather malware shows victims bogus websites for common banking and cryptocurrency apps and steals their login information.
The agency said that the malware’s attack vector has not yet been identified. Push notifications are a known method used by malware to obtain two-factor authentication codes. According to BaFin:
“Cybercriminals may be able to access consumers’ accounts and wallets with this data.”
What is Godfather malware?
The initial reports about Godfather appeared in December. Reportedly, the malware was affecting Android smartphones and targeting people in 16 different nations. Group-IB cybersecurity researchers first reported on its existence in 2021, but over the last few months its activity has grown and its code has changed.
The Godfather targeted nearly 50% of all. Most of the compromised devices were from the United States, said the Group-IB cybersecurity experts.
Group-IB’s #ThreatIntelligence detected more than 400 international financial companies targeted by the #Godfather #Android banking #Trojan between June 2021 and October 2022. Godfather’s predecessor is another #banking Trojan named #Anubis: https://t.co/Kf2IGvrLnk pic.twitter.com/JERnAuNfAC
— Group-IB Global (@GroupIB_GIB) December 21, 2022
After the U.S., Germany, Turkey, Spain, and Canada were the most impacted. Additionally, 94 cryptocurrency wallet apps and 110 cryptocurrency trading platforms were known targets of the malware.
According to Chainalysis, a blockchain analysis company with headquarters in the United States, cryptocurrency theft increased by 516% from 2020 to $3.2 billion in 2021. It is unknown how the malware infects online devices, but once it does, it shows bogus websites for well-known banking and cryptocurrency programs, according to BaFin.
Cryptojacking on the rise
One of the most common attacks on crypto applications in recent years has been cryptojacking. Cybersecurity research firm Kaspersky predicted that malware attacks will increase in 2023, with the year likely to become synonymous with “cyber epidemics with the most impact.”
The “2022 SonicWall Cyber Threat Report” from cybersecurity company SonicWall claims that cryptojacking attacks in the banking sector have increased by 269% year-to-date. This figure is nearly five times higher than that for cyberattacks directed at the retail sector.
According to the SonicWall study, the total number of cryptojacking incidents increased by 30% to 66.7 million in the first half of 2022.