- Zimperium sees a new version of GodFather among Turkish Android users
- The new version creates virtualized versions of legitimate banking apps in a sandbox
- It can exfiltrate login credentials, PIN codes and unlock patterns
Android's notorious GodFather malware has returned with a vengeance, experts have warned, targeting victims with an improved build that makes it more dangerous than ever.
Cybersecurity researchers at Zimperium claim to have seen an updated version of the infamous malware in the wild, and it is even more dangerous, since it simplifies the attack while evading detection even better.
GodFather is a banking Trojan used to steal money from people's bank accounts. Previous variants worked as an overlay: they placed an invisible layer over legitimate banking apps. So when victims opened their apps and began typing their login credentials, those would be captured by the overlay and sent to the attackers, who would later log in to the app themselves and make withdrawals.
Virtualization attacks
However, the new version abandons the overlay approach for something even more sinister: creating a virtualized version of the app.
On compromised devices, the malware launches a virtual instance of the banking app inside a sandbox. That way, the malware does not even need to request excessive permissions to commit wire fraud, and meanwhile victims cannot even trust the legitimate apps they have installed.
Once a victim is infected, the malware first scans the installed apps and looks for a banking app that matches one of its targets.
If it finds one, it creates a virtualized version that is launched every time the victim tries to open the legitimate one.
In addition to stealing login credentials, GodFather can exfiltrate PIN codes and unlock patterns, and can remotely control the device during off-hours (in the middle of the night, for example), making wire transfers while the victim is asleep.
Zimperium says it has only observed GodFather among Turkish Android users so far, but warned that the malware's operators could turn to the West at any time, so bank customers everywhere should be on guard.
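The attack described above works because the victim's banking app is loaded inside a container controlled by the malware rather than run as itself. As an added illustration (not code from the article, from Zimperium, or from any specific banking app), the following Android startup checks show the kind of self-test an app can run to notice that it is not executing under its own identity. The checks rest on an assumption about common app-virtualization containers: the guest app runs inside the host app's process, so it inherits the host's UID and private data directory. The class and method names are hypothetical.

```java
import android.content.Context;
import android.os.Process;
import java.util.regex.Pattern;

/**
 * Added example, not from the article or Zimperium: lightweight self-checks a
 * banking app can run at startup to detect being loaded inside an
 * app-virtualization container. Assumption: in such containers the guest app
 * runs under the host app's UID and inside the host app's data directory.
 */
public final class VirtualizationCheck {

    private VirtualizationCheck() {}

    /** Returns true if any check suggests the app is not running as itself. */
    public static boolean looksVirtualized(Context ctx) {
        String expectedPkg = ctx.getPackageName();
        return !uidOwnedOnlyBy(ctx, expectedPkg) || !dataDirMatches(ctx, expectedPkg);
    }

    /**
     * The UID of this process should map to exactly one package: ours.
     * Inside a container the UID belongs to the host app, so the lookup
     * returns the host's package name(s) instead.
     * Note: apps that legitimately use sharedUserId will fail this check.
     */
    static boolean uidOwnedOnlyBy(Context ctx, String expectedPkg) {
        String[] pkgs = ctx.getPackageManager().getPackagesForUid(Process.myUid());
        if (pkgs == null || pkgs.length != 1) {
            return false; // no mapping or a shared UID: treat as suspicious
        }
        return expectedPkg.equals(pkgs[0]);
    }

    /**
     * The private data directory should be the standard per-user path for
     * this package. Assumption: unmodified Android places it at
     * /data/user/<n>/<pkg> (or the legacy alias /data/data/<pkg>); a
     * container's guest usually lives under the host app's directory instead.
     */
    static boolean dataDirMatches(Context ctx, String expectedPkg) {
        String dataDir = ctx.getApplicationInfo().dataDir;
        if (dataDir == null) {
            return false;
        }
        String quoted = Pattern.quote(expectedPkg);
        return dataDir.equals("/data/data/" + expectedPkg)
            || dataDir.matches("/data/user/\\d+/" + quoted);
    }
}
```

A container that hooks framework calls can lie to both checks, so treat a positive result as a risk signal to report to the bank's back end (where it can be combined with device attestation and transaction monitoring), not as proof on its own.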
Via Infosecurity