A research team has detected a new type of Trojan virus, which has affected more than 400 apps on the Android Play Store, including 95 bitcoin (BTC) and crypto-currency wallets.
Cybersecurity firm Group-IB pointed out in its research that this Trojan has been operational since March 2022, when the first vulnerabilities were detected. However, many users can still be infected to this day.
The Trojan, nicknamed Godfather, is primarily intended to attack banking applications. Its capabilities include generating notifications that redirect to fraudulent websites, where the user is asked to enter personal details, which are captured by the criminals’ servers.
Although it focuses on banking applications, Group-IB determined that the Trojan affected 94 crypto-currency wallets in 2022; it did not specify which ones.
The vulnerability arises because the virus has the ability to access services in applications. The Trojan is not able to crack the cryptography with which private keys are stored, but when the recovery seed is revealed it can take a screenshot that is shared with hackers, the research group determined.
Godfather is based on an older Trojan known as Anubis, which Group-IB said had been patched in newer versions of Android and thus would have lost its effectiveness. However, updates to Godfather's code have allowed it to survive.
Group-IB has drawn attention to two applications, both of which serve as vehicles for the Trojan. One of them is Currency Convert Plus, an application for converting currencies. The other is a version of Google Protect, which emulates its antivirus function but ends up installing Godfather on mobile devices. In the latter case, these are applications installed from third-party sources, such as pirate websites.
Similar viruses have hit crypto-currency users in the past. Trojan is a category given to viruses that infect digital devices through other seemingly harmless applications. The name is an analogy to the Trojan horse in Homer's Odyssey.