
German Regulator Sounds Alarm Bells Over Crypto and Banking Malware

tokenist.com, 09 January 2023 11:18 UTC

BaFin, Germany’s top financial regulator, warned crypto and TradFi users about malware called “Godfather,” which is targeting around 400 crypto and banking apps. The malware steals users’ login data by displaying fake websites of legitimate banking and crypto exchange apps.

‘Godfather’ Malware Targeting 400 Crypto and Banking Apps

German financial watchdog BaFin warned consumers about new malware known as “Godfather” targeting banking and crypto apps, the regulator said in a statement on Monday. The malware has affected roughly 400 apps and platforms, some of which are based in Germany, BaFin added.

According to the regulator, it remains unclear how exactly Godfather gets onto consumers’ devices. However, it is known that it sends push notifications to consumers to obtain two-factor authentication codes. This way, the attackers can “gain access to consumers’ accounts and wallets,” BaFin noted.

The malware also defrauds users by displaying fake websites of popular crypto and banking apps. Users who log into their accounts are directed to fake websites that send their login data to the attackers. In addition, the malware can steal other data, such as device information and SMS messages.

According to the cybersecurity portal PCrisk, Godfather mimics the Google Protect tool and asks for access to the Accessibility Service. If a user grants that access, Godfather can steal the user’s contacts and SMS messages, make calls, and record the screen.

Further, the malware “shows fake login pages for legitimate banking and crypto exchange applications. Those phishing pages are used to steal credentials (login information like usernames, customer IDs, passwords, etc.),” PCrisk says.

Crypto Becoming Hackers’ Perfect Victim

This malware first emerged in December, when it reportedly attacked Android users across 16 countries. Cybersecurity professionals at Group-IB first warned about Godfather in 2021, though the malware had not been as active until late last year.

The reports of new attacks highlight that crypto remains one of hackers’ favorite targets, particularly the DeFi sector. A research report by TRM Labs revealed that a record $3.7 billion worth of crypto funds was stolen in 2022 alone.

More recently, a DeFi whale lost $3.4 million in GMX tokens in a phishing attack, PeckShield and CertiK reported. Phishing attacks are similar to the Godfather malware as both try to steal login credentials through counterfeit websites.
