Experts from the mobile security research firm Zimperium (USA) have discovered a type of malware targeting the Android platform, called “Godfather”, capable of creating an isolated virtual environment on mobile devices to steal account login information and take control of banking and financial applications on the device.
The Godfather malware was first detected in 2021, but the newly discovered version of the malware has become more sophisticated and difficult to detect.
The Godfather malware is spread through .apk files (application installation files) on the Android platform. Once a user accidentally installs an application containing this malware, Godfather silently scans the victim's device to check whether banking, financial, e-wallet or digital wallet applications are installed.
Once it detects a target application, the Godfather malware will place these applications into a virtualized environment created by it.

Banking applications run under the control of the Godfather malware in a virtual environment, allowing it to steal login information and appropriate assets (Photo: Zimperium).
When users activate banking, financial or e-wallet applications on their smartphones, these target applications are actually running in a virtualized environment controlled by Godfather, instead of running directly on the smartphone.
Users still see the real interface of the banking or e-wallet app, but in fact these apps are controlled by the Godfather malware. The malware can record the user's bank account login information, screen taps, and responses from the bank's server.
Banking application login information will be collected by Godfather malware, then sent to an external server controlled by hackers.
Once they have the login information for the bank account or e-wallet, the hackers wait for the user to unlock the smartphone. They then display fake interfaces, such as application update notifications or black screens, to hide the fact that they are silently opening and logging into financial applications to steal the user's assets.
Zimperium experts said the Godfather malware is targeting 500 banking, cryptocurrency and e-commerce applications worldwide, but mainly targeting banks in Turkey.
Zimperium believes that the hackers behind this malware are fully able to use this method to attack any bank in any country they target.
To protect yourself from the Godfather malware in particular and malicious applications in general, smartphone users should only download and install applications from trusted sources. Absolutely do not download and install applications from .apk files found on the Internet or from unknown sources.
In addition, users should absolutely not open attachments sent by strangers in emails or messaging applications (this advice applies to both computer and smartphone users), and should avoid clicking on ads with attractive content, so as not to accidentally install malware on the device.
Source: https://dantri.com.vn/cong-nghe/canh-bao-ma-doc-nham-den-hang-tram-ung-dung-ngan-hang-tren-toan-cau-20250625143612156.htm