BaFin, Germany’s top financial regulator, warned crypto and TradFi users about a malware called “Godfather,” which is targeting around 400 crypto and banking apps. The malware steals users’ login data by displaying fake websites of legitimate banking and crypto exchange apps.
‘Godfather’ Malware Targeting 400 Crypto and Banking Apps
German financial watchdog BaFin warned consumers about a new malware known as “Godfather” targeting banking and crypto apps, the regulator said in a statement on Monday. The malware has affected roughly 400 apps and platforms, some of which are based in Germany, BaFin added.
According to the regulator, it remains unclear how exactly Godfather attacks consumers’ devices. However, it is known that it sends push notifications to consumers to obtain 2-factor authentication codes. This way, the attackers can “gain access to consumers’ accounts and wallets,” BaFin noted.
The malware also defrauds users by displaying fake websites of popular crypto and banking apps. Users who log into their accounts are directed to fake websites which are sending their login data to hackers. In addition, the malware can also steal other data like device information, SMS, and similar.
According to the cybersecurity portal PCrisk, the Godfather mimics the Google Protect tool and asks for access to the Accessibility Service. If a user provides access to the Accessibility Service, the Godfather can steal the user’s contacts and SMSs and allow it to make calls and record screens.
Further, the malware “shows fake login pages for legitimate banking and crypto exchange applications. Those phishing pages are used to steal credentials (login information like usernames, customer IDs, passwords, etc.),” PCrisk says.
Crypto Becoming Hackers’ Perfect Victim
This malware first emerged in December, when it reportedly attacked Android users across 16 countries. Cybersecurity professionals at Group-IB first warned about Godfather in 2021, though the malware has not been as active until late last year.
The reports of new attacks highlight that crypto remains one of the hackers’ favorite targets, particularly the DeFi sector. A research report by TRM Labs revealed that a record $3.7 billion worth of crypto funds were stolen in 2022 alone.
More recently, a DeFi whale lost $3.4 million in GMX tokens in a phishing attack, PeckShield and CertiK reported. Phishing attacks are similar to the Godfather malware as both try to steal login credentials through counterfeit websites.
This article originally appeared on The Tokenist
Sponsored: Attention Savvy Investors: Speak to 3 Financial Experts – FREE
Ever wanted an extra set of eyes on an investment you’re considering? Now you can speak with up to 3 financial experts in your area for FREE. By simply
clicking here you can begin to match with financial professionals who can help guide you through the financial decisions you’re making. And the best part? The first conversation with them is free.
Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Editors' Picks
