BaFin Raises Alarm on Trojan ‘Godfather’ Affecting Banking and Crypto Apps

Germany’s Federal Financial Supervisory Authority (BaFin) has urged consumers to beware of ‘Godfather’, a trojan virus that attacks Android-based banking and cryptocurrency apps. The regulatory authority announced on Monday that the trojan virus currently “records user input from banking and crypto apps.”

BaFin in a statement noted that the malware has attacked about 400 banking and crypto apps from around the world including Germany.

“How exactly the software gets onto the infected end devices of consumers is unclear. Godfather is known to display fake websites of regular banking and crypto apps. When consumers log in via these websites, their login details are transmitted to the cyber criminals,” Bafin explained in the statement.

Furthermore, the German regulator explained that the malware sends push notifications to unsuspecting users in order to get the codes for the two-factor authentication security system. “With this data, the cyber criminals may be able to access consumers' accounts and wallets,” BaFin added.

Watch the FMLS22 session on how security in the fintech industry is being disrupted.

United States and Turkey Most Affected by ‘Godfather’ Trojan, Says Group-IB

Meanwhile, Group-IB, a cybersecurity services provider, recently warned users to exercise extreme caution when using these apps.

According to the cybersecurity firm, the United States, Turkey and Spain account for the highest number of trojan or ‘Godfather’ malware activities. Canada, France, Germany and the UK are also hotbeds for the trojan, Group-IB said.

Additionally, the cybersecurity firm noted the ‘Godfather’ malware attacked users in 16 countries last year. These attacks affected 215 banking apps, 94 crypto wallets and 110 cryptocurrency exchange platforms.

Moreover, Group-IB in its report said the ‘Godfather’ malware code has an interesting functionality that prevents it from attacking users located in Russian-speaking and former Soviet Union countries. This suggests that the creators of the virus are from Russia or one of the former Soviet states, the cybersecurity firm said.

“The emergence of Godfather underscores the ability of threat actors to edit and update their tools to maintain their effectiveness in spite of efforts by malware detection and prevention providers to update their products,” Artem Grischenko, a Junior Malware Analyst at Group-IB, noted.