BaFin warned about the new Godfather virus

German financial regulator BaFin warned the public about the new Godfather virus. This is a virus for Android mobile phones that steals cryptocurrency app data. According to the regulator, at the moment Godfather can steal data from about 400 banking and cryptocurrency applications, and not only German ones.. The list includes applications from 200 banks, 100 cryptocurrency exchanges and 94 wallets. The Godfather virus replaces real applications and websites of banks and cryptocurrency platforms with its pages. The user enters their passwords, the virus steals them, and the attackers transfer funds to their accounts. In addition, the virus can read SMS on the user's phone, which allows hackers to bypass two-factor authentication. Hackers sewed certificates of the Google Protect tool into Godfather, so the virus can have access to the Accessibility settings on the phone. Thus, he gets the opportunity to capture an image from the phone screen, intercept all input data, and so on. “It is not yet clear how exactly the malware got onto users’ smartphones,” the department said in a statement. Most likely, cybercriminals spread the virus under the guise of legitimate applications on Google Play. Some users may have downloaded an infected apk file to their smartphone on their own. Interestingly, the virus does not work on phones where the main language is set to Uzbek, Russian, Azerbaijani, Kazakh, Kyrgyz, Armenian, Tajik, Belarusian or Moldovan. In early December, it was reported that attacks were being carried out on cryptocurrency investors using groups in the Telegram messenger.