Recently, the cybersecurity technology company Group-IB identified that 16 countries were affected by a trojan virus attack. Experts have reported that the virus is capable of stealing all bank credentials and even cryptocurrencies. The virus was first identified in June 2021.
The trojan has been identified as Godfather, and it usually attacks Android devices. The attacks have been happening around the world, with 400 bank applications being informed about what happened, all of which were affected. Among the victims of the hacker attack are about 215 international banks, 110 cryptocurrency platforms (exchanges) and 94 cryptocurrency wallets.
Countries affected by hacking
The cybersecurity firm identified that the attacks took place in Italy, the United States, Poland, the United Kingdom, France, Canada, Turkey and Spain.
“Interestingly, Godfather saves users in post-Soviet countries. If the potential victim's system preferences include one of the languages in that region, the Trojan will be terminated. This may suggest that the Godfather developers use the Russian language,” the security firm pointed out.
Experts point out that the trojan gets into the system through fake links created specifically to attack these apps. The user clicks on the link created by the hacker and the invasion begins. It is therefore essential to avoid clicking on unknown links anywhere on the internet.
According to Group-IB, these are the practices of the Godfather
The cybersecurity specialist company noted that the virus used is not something entirely new.
“The Godfather developers took the Anubis source code as a base and modernized it for the latest versions of Android, adding relevant features and removing others such as file encryption,” the firm highlighted.
The cybersecurity team identified these hacker practices:
- Recording the victim's device screen;
- Starting keyloggers;
- Establishing WebSocket connections (added in the new September 2022 release of Godfather);
- Establishing VNC connections;
- Call forwarding (to bypass two-factor authentication);
- Exfiltration of push notifications (to bypass two-factor authentication). Earlier versions of the Trojan also exfiltrated SMS messages;
- Starting proxy servers;
- Executing USSD requests;
- Sending SMS messages from infected devices.