German regulator warns citizens of ‘Godfather’ malware targeting banking, digital currency accounts

Getting your Trinity Audio player ready...

Bad actors in the digital currency space are not slowing down in their attacks on the digital asset ecosystem, this time launching a new wave using the “Godfather” malware.

Germany’s Federal Financial Supervisory Authority (BaFin) has drawn attention to the rising incidences of the use of the “Godfather” malware by cybercriminals. BaFin made the warning via an official statement on January 9, saying that it operates by “recording user input in banking and crypto apps.”

Investigations reveal that attacks related to the malware currently exceed 400, but the total sum lost to the hackers remains unclear. Out of 16 countries with confirmed Godfather attacks, Germany appears to be the hardest hit of the lot, with authorities still unsure how the virus latches onto devices.

BaFin says that one of the ways that the malware gets in contact with users is through the impersonation of popular investment websites and apps. It suggests that logging in via fake apps or websites presents the opportunity for bad actors to steal the sensitive data of unsuspecting users.

“The malware also sends push notifications to get the codes for two-factor authentication. With this data, the cyber criminals may be able to gain access to consumers’ accounts and wallets,” BaFin’s warning read.

BaFin warned consumers to “learn practical tips on how to use apps safely on mobile devices” and to confirm a platform’s authenticity before inputting their login details.

The Godfather malware was discovered by Group-IB analysts, which the researchers believe is the successor of Anubis, a trojan that fell out of favor among hackers. The malware made its debut in March 2021 and underwent massive upgrades and improvements, making it a threat to Android users.

At least 50% of the Godfather’s attacks are financial institutions, while 22.2% and 25.7% are digital asset wallets and digital currency exchanges, respectively. It is widely believed that the malware creators are residents of the Commonwealth of Independent States (CIS).

Malware is wrecking the digital currency industry

In recent times, malware has emerged as a leading cause of concern for operators in the digital asset space, given the increase in attacks. Cybersecurity outfit Kaspersky Labs warned investors to brace themselves for more waves of trojan attacks against the industry in 2023.

“This coming year will be marked by the cyber epidemics with the biggest impact, the strength of which has been never seen before,” Kaspersky’s lead researcher Seongsu Park said.

The industry is still recovering from daring attacks from the state-sponsored Lazarus Group that cost the industry losses of over $600 billion. Hackers from East European countries are also wreaking havoc with successful scores of their own in 2022.

Watch: Sentinel Node – Blockchain Tools to Improve Cybersecurity