GodFather is a banking trojan that targets Android devices. Its developers seek to exfiltrate account credentials and use them to access 400+ online banking pages and crypto exchanges across 16 countries worldwide.

The GodFather trojan works by creating overlay login screens and displaying them over legitimate apps or web pages. This way, it tricks users into entering their login data on fake screens, which later allows threat actors to access finance-related accounts and abuse them for financial fraud.

Before GodFather can perform these malicious actions, it needs users to grant certain permissions (access to SMS texts and notifications, screen recording, contacts, making calls, writing to external storage, and reading the device status) in the Accessibility Service window. The trojan obtains them by imitating the legitimate “Google Protect” tool, which makes the process look ordinary and less likely to arouse users' suspicion. After the permissions are granted, the trojan is free to carry out its malicious actions.

GodFather also abuses access granted through the Accessibility Service to complicate manual removal, steal two-factor authentication codes, process different commands, and hijack data from PIN and password fields.

One more interesting detail is that GodFather stops its operation if the language of the infected device is set to Russian, Azerbaijani, Armenian, Belarusian, Kazakh, Kyrgyz, Moldovan, Uzbek, or Tajik. If you want to learn more about the technical specs of the GodFather banking trojan, you can check out this page.
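A defender-side triage of an app inventory for the pattern described above (an accessibility service combined with broad permissions and a label imitating a Google security tool), added here as an example and not taken from the article or any vendor tool. The mapping from the article's permission list to Android permission names, the record layout, the thresholds and the sample records are assumptions made for illustration.

```python
# Added triage example. The mapping from the article's permission list to
# Android permission names is an assumption; all sample records are constructed.
P = "android.permission."
RISKY = {
    P + "READ_SMS": "SMS texts",
    P + "BIND_NOTIFICATION_LISTENER_SERVICE": "notifications",
    P + "READ_CONTACTS": "contacts",
    P + "CALL_PHONE": "making calls",
    P + "WRITE_EXTERNAL_STORAGE": "external storage",
    P + "READ_PHONE_STATE": "device status",
}  # screen recording is approved through a runtime consent prompt, so it is not listed
ACCESSIBILITY = P + "BIND_ACCESSIBILITY_SERVICE"
PLAY_STORE = "com.android.vending"
GOOGLE_PREFIXES = ("com.google.", "com.android.vending")
LOOKALIKE_LABELS = ("google protect", "play protect")

def assess(app, min_categories=4):
    """Score one record; an app without an accessibility service scores 0."""
    # BIND_* permissions are declared on <service> elements, others via <uses-permission>.
    perms = set(app["permissions"]) | set(app["service_permissions"])
    reasons = []
    if ACCESSIBILITY in perms:
        reasons.append("declares an accessibility service")
    cats = sorted({RISKY[p] for p in perms if p in RISKY})
    if len(cats) >= min_categories:
        reasons.append("broad access: " + ", ".join(cats))
    if (any(w in app["label"].lower() for w in LOOKALIKE_LABELS)
            and not app["package"].startswith(GOOGLE_PREFIXES)):
        reasons.append("label imitates a Google security tool")
    if app.get("installer") != PLAY_STORE:
        reasons.append("not installed from the Play Store")
    return (len(reasons) if ACCESSIBILITY in perms else 0), reasons

def triage(inventory, threshold=3):
    """Return (package, score, reasons) for records at or above threshold."""
    hits = [(a["package"],) + assess(a) for a in inventory]
    return sorted((h for h in hits if h[1] >= threshold), key=lambda h: -h[1])

SAMPLE = [  # constructed inventory records
    {"package": "com.example.protectupdate", "label": "Google Protect", "installer": None,
     "permissions": [P + "READ_SMS", P + "READ_CONTACTS", P + "CALL_PHONE", P + "READ_PHONE_STATE"],
     "service_permissions": [ACCESSIBILITY, P + "BIND_NOTIFICATION_LISTENER_SERVICE"]},
    {"package": "com.example.screenreader", "label": "Screen Reader Helper", "installer": PLAY_STORE,
     "permissions": [], "service_permissions": [ACCESSIBILITY]},
    {"package": "com.example.dialer", "label": "Dialer", "installer": None,
     "permissions": [P + "READ_SMS", P + "READ_CONTACTS", P + "CALL_PHONE", P + "READ_PHONE_STATE"],
     "service_permissions": []},
]
print(triage(SAMPLE))  # only the first constructed record reaches the threshold
```

The score is a review-priority heuristic: a legitimate accessibility app from the Play Store stays below the threshold, and a flagged record still needs manual inspection.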