Tag Archive for: Masquerades

Godfather Banking Trojan Masquerades as Legitimate Google Play App


A type of Android malware that’s been targeting banking users worldwide since March has resurfaced with advanced obfuscation methods, masquerading as a legitimate application on the Google Play store with more than 10 million downloads, researchers have found.

Godfather is a banking Trojan that is best known for targeting banking users in European countries, but its latest activity shows an increased sophistication in its ability to fly under the radar of common malware-detection methods, researchers from Cyble Research & Intelligence Labs (CRIL) said in a blog post on Dec. 20.

Once it’s successfully installed on a victim’s device, Godfather initiates a series of typical banking Trojan behaviors, including stealing banking and crypto-exchange credentials, the researchers said. But it also steals sensitive data such as SMSs, basic device details — including data from installed applications — and the device’s phone number, and it can perform a number of nefarious actions silently in the background.

“Apart from these, it can also control the device screen using VNC [virtual network computing], forwarding incoming calls of the victim’s device and injecting banking URLs,” the Cyble researchers wrote.

The latest sample of Godfather that researchers discovered was encrypted using custom encryption techniques that could evade detection by common antivirus products — a new tactic of the threat actors behind the malware, the researchers said.

Targeting Businesses & Consumers

Upon further examination, the researchers found that the malware was using an icon and name similar to the legitimate Google Play app MYT Music, which already has logged more than 10 million downloads. Indeed, threat actors often hide malware on Google Play, despite Google’s best efforts in the last several years to keep bad apps off its store before users are affected by them.

MYT Music was written in the Turkish language and thus researchers assume the Godfather sample they discovered is targeting Android users in Turkey. However, they suspect other versions of the malware continue to be active and targeting banking users worldwide.

Though banking Trojans tend to affect consumers more than the enterprise, business…


FlyTrap malware masquerades as a coupon code to steal Facebook data


There is a warning about a new form of malware for Android. The so-called FlyTrap malware looks for Facebook data and operates in a cunning manner. How do you recognize malware and what can you do about it?

FlyTrap malware on Android

Cybersecurity company Zimperium has discovered a new form of malware for Android. The malware is called FlyTrap. Thousands of users in at least 144 countries are said to have been affected by the malware. It was discovered that the malware could simply be found in the Google Play Store. It masquerades as an app that supposedly allows you to register free coupon codes for Netflix, Google AdWords, or something else. In addition, the malware has been detected in some football-related applications, where you can vote for the best football team or the best player.


Fake login pages are often used, but the creators of this malware took a different approach. Users were redirected to a legitimate Facebook login page, where a JavaScript injection was then used. This made it possible to capture data such as login details, as well as the location, email address and IP address of users. The information is then sent to the hackers’ server.

Google has removed several apps from the Google Play Store following the Zimperium report. They may still be available for download via other channels. For this reason, users are again cautioned not to download apps via any means other than the Google Play Store.


New XLoader Variant Masquerades as Android Security Apps, iOS Configuration Profile – Security Intelligence


Security researchers observed a new variant of XLoader masquerading as Android security apps and an iOS configuration profile to target mobile users.
