Godfather Android Trojan Doesn't Target Russians

The Godfather, an Android banking Trojan that has targeted the users of more than 400 apps across the globe, has functionality that stops it from attacking users who speak Russian

Source: group-ib.com

Security researchers from Group-IB are warning about the banking Trojan called the Godfather. It targets users of more than 400 apps in 16 countries. However, those speaking Russian or some of the other languages used in the former Soviet Union may feel safe – the Godfather doesn’t target them.

Group-IB has presented its analysis of the Godfather Trojan utilised by cybercriminals since 2021 to attack users of leading banking and crypto exchange applications in 16 countries.

Trojan origin

The virus is very dangerous as it creates convincing web fakes and overlays them on the screens of infected devices. Thus, when a user tries to open a targeted application, attackers steal victims’ login credentials. Then, they try to bypass 2FA to gain access to victims’ accounts.

The research team found out that Godfather is a successor of a widely-used banking Trojan Anubis, whose functionalities were limited. Its source code was leaked back in 2019 and malware developers updated the Trojan to continue attacking users. The criminals modified Anubis’ traffic encryption algorithm, updated Google Authenticator OTPs, and added a separate module for managing virtual network computing connections.

Regional distribution

As of October 2022, 215 banks, 94 crypto wallet providers, and 110 crypto exchange platforms have been targeted. According to Group-IB’s findings, the Godfather has targeted the most banking applications in the US (49 companies), Turkey (31), Spain (30), Canada (22), France (20), Germany (19), and the UK (17).

At the same time, Group-IB found an interesting twist in Godfather’s code. It prevents the Trojan from attacking users who speak Russian or other languages used in the former Soviet Union. The virus checks the system language of the infected device and shuts down if the language is: Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik. Therefore, the researchers suggest that the developers of Godfather are Russian-speaking and come from one of those non-affected countries.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Godfather Android Trojan Doesn’t Target Russians

Trojan origin

Regional distribution

SEE ALSO:

Nina Bobro

Breaking News

CEOs of OpenAI, Google and Microsoft to Join Federal AI Safety Panel

Alphabet’s Value Exceeds $2 Trillion Mark

Elon Musk’s xAI Reportedly Close to Raising $6 Billion

Intel Shares Fall Due to Weak PC Chip Demand

Banking-as-a-Service Platform Revenue to Reach $94 Billion Globally by 2028

Join Us

Newsletter

Godfather Android Trojan Doesn’t Target Russians

Trojan origin

Regional distribution

SEE ALSO:

Nina Bobro

Related Posts

Breaking News

Join Us

Newsletter

Get Updates