The German Federal Financial Supervisory Authority (BaFin) has warned about the Godfather virus, which infects Android smartphones. This Trojan horse allows hackers to retrieve banking and cryptocurrency application credentials through fake login pages.
https://cryptoast.fr/godfather-virus-ciblerait-400-applications-bancaires-cryptomoines/
The German financial policeman warns of the Godfather virus
The German financial policeman, known as the Federal Financial Supervisory Authority (BaFin) has alerted to the Godfather virus, malware that attacks banking and cryptocurrency applications. The number of targeted applications would be 400.
However, relatively little information is available about how Godfather infects devices, and the specific platforms it targets. Once the device is infected, the virus would generate fake versions of the login pages of genuine applications. When a user tries to log in, the information will be passed on to hackers in order to steal the funds present in the real accounts.
Notifications can also be sent to the victim’s device in order to invite him to enter your double authentication codein order to retrieve the latter as well.
Last December, the cybersecurity company Group-IB had already alerted on the subject, estimating that the Godfather virus would operate since June 2021, and would be an improved version of the Trojan Anubiswhich had a similar operation:
Group-IB’s #ThreatIntelligence detected more than 400 international financial companies targeted by the #Godfather #Android banking #Trojan between June 2021 and October 2022. Godfather’s predecessor is another #banking Trojan named #Anubis:https://t.co/Kf2IGvrLnk pic .twitter.com/JERnAuNfAC
— Group-IB Global (@GroupIB_GIB) December 21, 2022
Godfather would target smartphones running on Androidwhose updates had precisely made it possible to fight Anubis.
👉 To go further – Find our guide on best practices to limit the risk of hack
The best way to secure your cryptocurrencies 🔒
🔥 The world leader in crypto security
How to protect yourself from it?
Unfortunately, there is no miracle recipe to eliminate the risk of your device becoming infected. However, Groupe IB noticed that this could happen through the download third party apps from play store. It is then necessary to be sure of the application that one wishes to download.
Furthermore, note that a virus like Godfather could very well be found in archives found for free on the webwhile the application it hosts is supposed to be paid.
In addition to two-factor authentications (2FA), it can be interesting add a physical validation mechanism on money-related apps. For example, YubiKeys from the Yubiko company plug into a USB port and serve as additional security when connecting to a service.
In addition to protecting wallets, Ledger hardware wallets can also fulfill this role, through the Fido U2F app. This allows you to validate a physical connection to access an account, an email address or certain social networks. This application installs from Ledger Live:
Figure 1 – Fido U2F on Ledger Live
Some exchanges like Binance enable physical validation when withdrawing funds. To do this, go to the security settings:
Figure 2 – Security menu on Binance
Regarding double authentication by email, more and more platforms also allow you to configure a keyword, which will be recalled in the email. to make sure it’s not a phishing attempt. Generally speaking, caution when downloading an app is still the best advice.
👉 Also in the news – Balancer warns of a technical problem and asks to withdraw liquidity from certain pools
Sources: BaFin, Images: Binance, Ledger Live
Newsletter 🍞
Receive a summary of crypto news every Monday by email 👌
What you need to know about affiliate links. This page presents assets, products or services relating to investments. Some links in this article are affiliated. This means that if you buy a product or register on a site from this article, our partner pays us a commission. This allows us to continue to offer you original and useful content. There is no impact on you and you can even get a bonus by using our links.
Investments in cryptocurrencies are risky. Cryptoast is not responsible for the quality of the products or services presented on this page and could not be held responsible, directly or indirectly, for any damage or loss caused following the use of a good or service highlighted in this article. Investments related to crypto-assets are risky by nature, readers should do their own research before taking any action and only invest within the limits of their financial capabilities. This article does not constitute investment advice.
AMF recommendations. There is no guaranteed high return, a product with high return potential involves high risk. This risk-taking must be in line with your project, your investment horizon and your ability to lose part of this savings. Do not invest if you are not ready to lose all or part of your capital.
To go further, read our Financial Situation, Media Transparency and Legal Notices pages.
I timidly discovered the world of blockchain at the end of 2018 during my quest for financial freedom. Initially invested moderately, it was only two years later that I took the gamble of betting everything on the movement that was taking shape then. I then dedicate 2021 to training myself better to acquire more knowledge and seriousness. As I often like to say: I still have a billion things to learn. And what I do know, I want to share with you.
Vincent Mayor
435 items